DANISH BOF. Friday March 12, 1300 UTC
Notes are at: https://codimd.ietf.org/notes-ietf-110-danish?edit
Meetecho is at: https://gce.conf.meetecho.com/conference/?group=danish&short=&item=1
73 entities in the jabber room.
Discussion in jabber about mTLS, mutual-TLS, and where the term came from. It seems to come from the corporate world and is often used in OAuth, but is not typically used within TLS WG circles.
No clarifying questions asked.
Discussion in chat regarding some confusion over acronyms used in slides.
Brendan Moran question about DNS records for IoT devices. Concern about security implications of namespace being advertised in records, wondered if IP addresses would also be included? Answer: No, IP addresses not included.
Viktor Dukhovni comment regarding privacy, suggests issuing certs using private CA vice public one to mitigate risk.
Some discussion in chat about how well NSEC3 works to avoid enumeration (vs white lies, vs NSEC5)
Hannes Tschofenig: Comment on documents referenced in slides; mostly positive reaction.
Viktor Dukhovni: Wonders if delivery of CA certificates is redundant when done over secure web connection.
Viktor: in the network access space, the client probably wants to change identities early on in the lifespan. Discussion about changing keys, BRSKI, etc.
Jim Reid: the scope has been fairly clear and complete. However, we might be talking amongst ourselves. We need more engagement from manufacturers and vendors of IoT devices. We aren't seeing a lot of uptake of DNSSEC or DANE among the clueful, so how would IoT manufacturers work? Concerns acknowledged; mention of some work already being done to get vendors involved.
Jacques Latour: Discusses work he's been involved with that's similar to the topic of the BoF. https://github.com/CIRALabs/CIRA-Secure-IoT-Registry Likes idea, thinks it needs to be made simple. Provides information on some challenges in this area that he and his team have struggled with and managed to overcome.
Wes: Seems that the problem space is understood and that there's general support for IETF to tackle the problem. (No opposition expressed.)
Wes: Are the three documents a good place to start?
Shumon: draft-wilson-dane-pkix-cd-00 new, so lots of people haven't had time to read it yet.
Jim: Question on next steps. Go for working group now, or discuss on list?
Roman: It all depends. Explains process.
Ben Kaduk: Don't want to wait to have discussion.
Roman: Agreed. Start talking about charter on mailing list.
Hannes: Discussion of architecture document
Roman: Concur that architecture document would be helpful
Wes: Want to help? Subscribe to mailing list
Discussion in chat about how "boringly straightforward" and "well run" the BoF session was.
Slides available for download from datatracker:
https://datatracker.ietf.org/meeting/110/materials/slides-110-danish-danish-bof-slides-02
https://datatracker.ietf.org/meeting/110/materials/slides-110-danish-chair-slides-00