NOTE: This charter is a snapshot of the 48th IETF Meeting in Pittsburgh, Pennsylvania. It may now be out-of-date. Last Modified: 17-Jul-00
Chair(s):
Wei Lu <wlu@syl.dl.nec.com>
Security Area Director(s):
Jeffrey Schiller <jis@mit.edu>
Marcus Leech <mleech@nortelnetworks.com>
Security Area Advisor:
Jeffrey Schiller <jis@mit.edu>
Mailing Lists:
General Discussion:aft@socks.nec.com
To Subscribe: aft-request@socks.nec.com
Archive: http://www.socks.nec.com/aftmail/
Description of Working Group:
The goal of the Authenticated Firewall Traversal Working Group is to specify a protocol to address the issue of application-layer support for firewall traversal. The working group intends to specify a traversal protocol supporting both TCP and UDP applications with a general framework for authentication of the firewall traversal. To promote interoperability, the group will also propose a base authentication technique for use within the general authentication framework.
The output of the group will consist of a standards-track RFC(s) describing the traversal protocol, the base authentication methods and a reference implementation of the protocol, and base authentication methods. The working group will start with the SOCKS system described by David Koblas in his paper presented at the 1992 Usenix Security Symposium.
Goals and Milestones:
Oct 94 |
|
Publish sample implementation for UNIX. |
Done |
|
Issue Internet-Draft on V5 SOCKS protocol. |
Nov 94 |
|
Publish sample implementation for UNIX. |
Done |
|
Issue Internet-Draft on SOCKS base authentication methods. |
Dec 94 |
|
Submit final draft of SOCKS protocol and authentication methods for RFC. |
Internet-Drafts:
Request For Comments:
RFC |
Status |
Title |
RFC1928 |
PS |
SOCKS Protocol Version 5 |
RFC1929 |
PS |
Username/Password Authentication for SOCKS V5 |
RFC1961 |
PS |
GSS-API Authentication Method for SOCKS Version 5 |
Minutes of AFT WG at 48nd IETF-Pittsburgh meeting
Authenticated Firewall Traversal Working Group Meeting
July 31, 2000
Pittsburgh, USA
Chaired by Wei Lu <wlu@syl.dl.nec.com>
Reported by Wei Lu
--------------------------------------------------
AGENDA
--------------------------------------------------
- Closing the revision of RFC 1928.
- Review the proposed protocol framework.
- Miscellaneous.
--------------------------------------------------
Closing the revision of RFC 1928
--------------------------------------------------
Marc VanHeyningen summarized the revision of RFC 1928.
Highlights of the revision are:
- LIPKEY is chosen as the mechanism for GSS-API authentication method for SOCKS.
- Clarified UDP command option and UDP subcommand.
The WG agreed that the draft will move to the last call.
--------------------------------------------------
Review the proposed protocol framework
--------------------------------------------------
Wei Lu presented a sketch of the protocol framework for the next version of SOCKS. It includes
- TCP CONNECT support.
- TCP BIND support.
- UDP SEND support.
- UDP BIND support.
- MULTICAST SEND support.
- MULTICAST BIND (JOIN/ADD_MEMBERSHIP) support.
- MULTICAST DROP (LEAVE/DROP_MEMBERSHIP) support.
- UDP/MULTICAST DATA
- UDP/MULTICAST PEER
- UDP/MULTICAST CLOSE
- FIREWALL ADD address association ID
- FIREWALL REMOVE address association ID
--------------------------------------------------
Miscellaneous
--------------------------------------------------
Melinda Shore asked whether AFT is willing to get more involved in firewall traversal support for emerging multimedia applications. Wei Lu commented that AFT will consider such involvements. He will consult with AFT members and members of other groups for a final decision.
Wei Lu urged AFT members to be active participants, instead of passive listeners.
None received.