[ietf-enroll] Fwd: Draft Minutes IETF 60 ENROLL

Paul Hoffman / VPNC paul.hoffman at vpnc.org
Tue Aug 24 22:39:50 EDT 2004


Everyone: please take a look at these minutes and send any 
corrections to the list. Thanks!

--Paul Hoffman

>Date: Tue, 24 Aug 2004 09:29:46 -0400
>From: "Sean P. Turner" <turners at ieca.com>
>Organization: IECA, Inc.
>X-Accept-Language: en-us, en
>To: "Hoffman, Paul" <phoffman at imc.org>
>Subject: Draft Minutes IETF 60 ENROLL
>
>Here are the corrected minutes - maybe you should just send them in. 
>I'm not sure if it's my mail filters dumping the subscribe response 
>or not...
>
>Minutes for the ENROLL Meeting
>IETF 60
>August 2, 2004
>
>1. Agenda: Hoffman presented the Agenda: Agenda bashing (Paul 
>Hoffman), draft-pritikin-ttimodel (Max Pritikin), Comments on the 
>ttimodel draft (Jim Schaad), Where do we go?, and Revisions of 
>Milestones.
>
>2. Trusted Transitive Introduction Model: Pritikin presented an 
>overview of the ttimodel draft.  Model is essentially that of a 
>secure introductions system, which is a third party that facilitates 
>the "out of band" exchanges between systems trying to establish 
>authentication.  Process is recursive, so the more stages you go 
>through the more systems you can communicate securely with.  Basic 
>low-security exchange must occur as the first step, but this may 
>take place during manufacturing or staging over a physically secure 
>link (i.e., a short wire).  This initial introduction would allow 
>the device to "imprint" on its first connection, establishing basic 
>policies, initial credentials, etc.
>
>Somebody asked for clarification that you don't have to establish 
>initial credentials or policy during the initial imprint, but it's a 
>good idea to do so. Pritikin agreed that this was the case.  He 
>suggested that competitive pressure would drive vendors to do more 
>during the initial imprint, because it gives you a competitive 
>advantage over other products that do less.
>
>Kumar (from Panasonic) asked, if you're making lots of small 
>devices, how you can stop the production line to initialize each. 
>Pritikin noted that this complex configuration may not be common, 
>and that simpler examples may be the norm for small devices.  Chris 
>Bonatti asked for clarification that this initial step was analogous 
>to a manufacturing initialization, like loading a unique serial 
>number onto an Ethernet adapter.  Pritikin agreed and Hoffman 
>amplified, noting yes, but an operation unique to ENROLL.
>
>Randy Turner remarked that mass marketing was a unique environment, 
>and that he would like to see the existence proof for this concept. 
>Pritikin noted that the communication paths exist in the "out of 
>band" case.  It's merely a question of whether your model takes 
>advantage of that in a way that you can build on in a structured 
>way.  Pritikin proposed that we evaluate whether this approach is a 
>good way forward for ENROLL, and finalize the draft as a WG document.
>
>3. Comments on Trusted Transitive Introduction Model: Schaad 
>presented some prepared comments on the ttimodel draft.  He stated 
>that he does not think that the existing document does a good job at 
>what a model document should be.  However, he thinks that the model 
>implied makes sense.  He presented an alternate view of the model 
>using the roles of Petitioner, Registrar, and Introducer.  He noted 
>that in some scenarios the introducers might not be the same entity 
>for authenticating the Petitioner to the Registrar and vice versa. 
>He equated his "mediated" model with what is presented in the 
>ttimodel draft.
>
>Randy Turner summarized Schaad's comments by referring to the "Goal 
>of ENROLL" slide.  To wit, produce a document that: Describes a 
>model of doing introduction, Describes security aspects of model, 
>Allows for designers of protocols to evaluate their protocol against 
>the model.  Randy suggested that Schaad was saying that the TTI 
>model does the first, but not the second.  Schaad responded that he 
>was looking for something higher level that compared different 
>approaches.  Pritikin was happy to add more models to the document 
>to address Schaad's concerns.
>
>4.  Milestones: Hoffman was unsure whether the work could be 
>completed in a year and asked who is interested.  Many raised their 
>hands and it was agreed to press forward with the work under the 
>assumption that it should be completed within the year.
>
>Cheers,
>
>spt