Last Modified: 2005-01-25
Sep 04 | First WG draft of model document | |
Mar 05 | First draft of profile document(s) | |
May 05 | Last call on model document | |
Dec 05 | Last call on profile document(s) |
ENROLL WGTuesday, March 8Minutes taken by Paul Hoffman and Don Eastlake --combined by Paul Hoffman Paul Hoffman and Eric Rescorla, chairs Paul talked about the status of the WG and the very little work that had happened on the mailing list. Max Pritikin's draft has expired. There have been difficulties with definitions. Agenda: spend about a half hour on drafts, then talk about futures. Jim Schaad discussed Max's draft Expired: draft-pritikin-ttimodel-01.txt It is really about introduction, not enrollment The draft talks about the parties to be introduced and a trusted-third-party who knows them both "Imprint" kind of means leap of faith to trust who you see first. Manufacturer insertion of crypto variables or the like into a device at start is a type of third party introduction (between device and manufacturer registration service). Deciding whether you have single or bi-directional flow through TTP is important Bi-directional allows zero-knowledge stuff where maybe TTP doesn't know if Alice and Bob agreed Writing the model document and having a common lexicon would be very valuable. Hoffman: Which terms are most important to define? Schaad: Introduction One-way courier and two-way courier Third party post-verification Hannes Tschofenig discussed his "Next Steps for ENROLL" draft draft-tschofenig-enroll-next-steps-00.txt Enroll touches on both imprinting and bootstrapping These are sufficiently different that they should be treated separately Imprinting == procedure to equip a component with a secret value of a cryptographic parameter. Boostrapping Only fuzzy definitions available but frequently discussed in IETF docs EAP type protocols SIPPING-CERT 3GPP Generic Authentication Various MIP6 Kerberos ... Rescrola: KDC's (Key Distribution Centers) start with strong keying material while bootstrapping is to get to strong material from weak material The problem affects many WGs but general solution may be hard Lack of a specific problem domain often confuses people Shore: why is imprinting an IETF work? What's the interoperability issue? Tschofenig: Say you want to configure a laptop with some EAP methods using a USB stick ... Sommerfeld: the format of imprinting message is important Shovelling around is less important Should include octet string There really isn't any better forum for "imprinting" work Tschofenig: You need to know what protocol you are using Someone: USB stick can be considered equivalent to a wire. Rescorla: different way to think about imprinting Have a high bandwidth channel and low-bandwidth channel (your hands) Low bandwidth is not IETFy Can we do imprinting only? You need to define a bootstrap protocol to use the insecure channel to secure the insecure channel Crypto is IETFy USB stick is conduit for the low bandwidth channel Can we get a good enough handle on low bandwidth channel interaction methods? (We understand protocols) Hoffman to group: Is enough work being done on imprinting and bootstrapping elsewhere that we just need to do a definitions document? (No hands raised.) Joe Salloway: a fair amount of work in other WGs is happening Some stuff is being reinvented Maybe do a survey of imprinting to see if there is a common problem There is probably an enrollment phase Worries that there is a lot of duplication in bootstrapping that would benefit for some standardization Boostrapping will be easier than Imprinting since there is more work going on Hoffman: Has anyone looked at imprinting work being done elsewhere? Eronen did a short survey of imprinting, has a bunch Rescorla also has a pile of papers Hoffman proposed that a terminology document would be useful if we don't produce anything else Could help other WGs Could elicit some independent model document No volunteers came forward; maybe after the meeting Hoffman: what about a survey of what the IETF has done so far on bootstrapping and imprinting Shore somewhat accepted that task Can use Tschofenig's slides as a start Adjourned |
None received.