[Wpack] Charter proposal
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 21 November 2019 02:10 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: wpack@ietfa.amsl.com
Delivered-To: wpack@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47A2D120144 for <wpack@ietfa.amsl.com>; Wed, 20 Nov 2019 18:10:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.406
X-Spam-Level:
X-Spam-Status: No, score=-1.406 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.244, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XCKiW-1ZFJ2c for <wpack@ietfa.amsl.com>; Wed, 20 Nov 2019 18:10:14 -0800 (PST)
Received: from mail-oi1-f175.google.com (mail-oi1-f175.google.com [209.85.167.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16D19120077 for <wpack@ietf.org>; Wed, 20 Nov 2019 18:10:14 -0800 (PST)
Received: by mail-oi1-f175.google.com with SMTP id e9so1750578oif.8 for <wpack@ietf.org>; Wed, 20 Nov 2019 18:10:14 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=EETvR+5bE+LKQrlFKG6B+u/N4vXbfmh0dBBYfibSYw8=; b=INYt2Xjen9Ibb769t/ypeHQxB2KtQEVFdOulTM+rU5oXltMDLhbT7hA5u4BJ2GpjAM AMWhsu5LxAC8opmmnpyMxu4d1YTm4gi4X4ntzRD2Ir1ilfD3t4R0qLD16M9zG3LljMY0 w5u4HVL4HXe6orWR7H2sKvve8V3NlE8n78206paUZvpySJ5GD7uwQK1ZK8boiYQcepra zkJYCOWC7U2FLRcVOWQlle7cGTahkMd2HuN0peOjyQ/KyjFk1osUr1u88xbpmLnSMoD4 ZLG6SBleZ0g2Ms0JhXE7jozIVr4JTfAlBUugkp1fnkvxa6J8GZ81upB5Mr6J36XKnUIG 8PiA==
X-Gm-Message-State: APjAAAVwZIZCuVfLozV4Ajm4KWG/d93cNtbcuDpjvHdiJBGmqb3POzPz +5uDxSkPaCSmT+XdtDPMEOweHak1ZDaLDAyEfIxgQQ1R
X-Google-Smtp-Source: APXvYqz9fBZrFhIt9rkDxf2Z3qFV6K+haGoIvZVhuPIorSz1XNPefgZMFuVjEazpG+A2EB9ux/WJK6M3tg5JtO/Hx+4=
X-Received: by 2002:aca:484e:: with SMTP id v75mr5633714oia.6.1574302212944; Wed, 20 Nov 2019 18:10:12 -0800 (PST)
MIME-Version: 1.0
References: <CAOdDvNrFOYNr+Y+orfKnVW4Wi+h-XwTFx089N_dpnFuLQ08Ftg@mail.gmail.com> <CAOdDvNr1GwEpExuU3iAEOoRX4bFD=CSUKk1sMyyi6ES+cF853g@mail.gmail.com>
In-Reply-To: <CAOdDvNr1GwEpExuU3iAEOoRX4bFD=CSUKk1sMyyi6ES+cF853g@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 21 Nov 2019 10:10:00 +0800
Message-ID: <CAMm+Lwg_CezzucVQ=RR3_iZ_119DoV7mjLD2b6oMXTgf06K=-g@mail.gmail.com>
To: wpack@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002bf7fb0597d1cc9b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/wpack/__e_worAiXOVRiLgIFVpIZuoPG4>
Subject: [Wpack] Charter proposal
X-BeenThere: wpack@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Web Packaging <wpack.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpack>, <mailto:wpack-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wpack/>
List-Post: <mailto:wpack@ietf.org>
List-Help: <mailto:wpack-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpack>, <mailto:wpack-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Nov 2019 02:10:15 -0000
I see three distinct pieces of work here. 1) The container encoding 2) Determining the correspondence to HTTP 3) Working out what signatures actually mean Developing an encoding format is relatively straightforward, we don't even need to pick a single one. If people are happy having separate encodings to support signed content and signed/encrypted content, that is fine with me. But if this group is chartered with encryption excluded from the encoding considerations, then that is a commitment to two encodings in perpetuity. With the best will in the world, merging the streams two years after they have diverged is a non-starter. So what I would like to see is encryption in scope for the WG but not decryption. And that is not a joke. Encryption is easy. The hard part is deciding how to decrypt. And that is a problem that is properly outside the scope of the WG. The Mathematical Mesh provides two separate decryption schemes. One is the use of EARLs, the other is a key distribution center scheme that gives a subset of DRM capabilities I call confidential document control (preventing redistribution of the plaintext is out of scope). And WPACK need not depend on the Mesh for decryption capabilities. Nor should it. All the package needs to do is to provide a means of identifying the key used for encryption (hash of the public key or the symmetric key), the key exchange information and provide an open extensible structure for throwing in whatever advice you might want. So I would like to see the 'DRM' etc. parts removed from the charter scope and instead have encryption in scope and decryption out of scope. Now the question we might want to consider is whether the same should be true for the interpretation of signatures... I am not sure. It is certainly a large and complex piece of work and the HTTP part is also large and complex.
- [Wpack] WPACK BoF Notes Patrick McManus
- Re: [Wpack] WPACK BoF Notes Patrick McManus
- [Wpack] Charter proposal Phillip Hallam-Baker