Security Dispatch (Secdispatch) WG Minutes
IETF 102
Monday, July 16, 2018
15:50-17:50, Monday Afternoon session II
Room: Viger

Summary
=======

The following items were brought to the WG meeting and were dispatched as follows:

(1) draft-birkholz-attestation-terminology-02 -- convene a BoF
(2) draft-mandyam-eat-00 -- convene a BoF
(3) draft-sheffer-acme-star-request-02 -- bring to ACME WG
(4) draft-jholland-mboned-ambi-00 -- clarify use case and frame approach around this use case to determine next steps
(5) draft-mavrogiannopoulos-pkcs8-validated-parameters-02 -- publish draft as-is with ISE
(6) draft-hallambaker-dare-message-00, draft-hallambaker-dare-container-00 and draft-hallambaker-jsonbcd-12 -- more discussion is required to determine next steps
(7) draft-jones-webauthn-secp256k1-00 -- update the appropriate COSE/JOSE IANA registries referenced in this document using 2-byte identifiers

1. Logistics and introduction
=============================

presenters: chairs
slides: https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-chairs-summary-03

The chairs introduced the Security Dispatch process and the drafts under discussion.

2. Dispatch items
=================

(1) Reference Terminology for Remote Attestation Procedures
-----------------------------------------------------------

draft: draft-birkholz-attestation-terminology-02
presenter: Henk Birkholz
slides: https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-reference-terminology-for-remote-attestation-procedures-draft-birkholz-attestation-terminology-02-01

dispatch result: Convene a BoF on the topic. The WG showed interest in the topic but there wasn't an obvious fit with an existing WG.

(2) Entity Attestation Token
----------------------------

draft: draft-mandyam-eat-00
presenter: Laurence Lundblade
slides: https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-entity-attestation-token-draft-mandyam-eat-00-00

dispatch result: Convene a BoF on the topic. The WG showed interest in the topic but there wasn't an obvious fit with an existing WG.

(3) Generating Certificate Requests for STAR Certificates
---------------------------------------------------------

draft: draft-sheffer-acme-star-request-02
presenter: Diego Lopez
slides: https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-generating-certificate-requests-for-star-certificates-draft-sheffer-acme-star-request-02-00

dispatch result: Bring this draft to ACME WG.

(4) Asymmetric Manifest Based Integrity
---------------------------------------

draft: draft-jholland-mboned-ambi-00
presenter: Kyle Rose
slides: https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-asymmetric-manifest-based-integrity-draft-jholland-mboned-ambi-00-02

dispatch result: Clarify the use case(s) that this draft addresses to inform the next steps. The WG was unable to evaluate the draft as a generic solution.

(5) Storing validation parameters in PKCS#8
-------------------------------------------

draft: draft-mavrogiannopoulos-pkcs8-validated-parameters-02
presenter: Eric Rescorla (for Ben Kaduk)
slides: https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-storing-validation-parameters-in-pkcs8-draft-mavrogiannopoulos-pkcs8-validated-parameters-00

At the request of the Independent Stream Editor (ISE) and an AD (Ben Kaduk), this draft was brought to the WG. The chairs did a consensus call on next steps with this draft with these options:

- Publish in the ISE (as currently submitted)
- Publish as AD-sponsored
- Publish another way in the IETF stream
- Do not publish

"Publish in the ISE" was the consensus.

dispatch result: Publish this draft as-is in the ISE

(6) DARE Message and Container Formats
--------------------------------------

drafts: draft-hallambaker-dare-message-00, draft-hallambaker-dare-container-00, draft-hallambaker-jsonbcd-12
presenter: Phillip Hallam-Baker
slides: https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-dare-message-and-container-formats-01

dispatch result: More discussion and interest is necessary to suggest next steps.

(7) Using secp256k1 with JOSE and COSE
--------------------------------------

draft: draft-jones-webauthn-secp256k1-00
presenter: Mike Jones
slides: https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-using-secp256k1-with-jose-and-cose-draft-jones-webauthn-secp256k1-00-00

dispatch result: Update the appropriate COSE/JOSE IANA registries referenced in this draft using 2-byte identifiers (since this action would be "specification required")