[ietf-enroll] Minutes from Minneapolis, first draft
Paul Hoffman
paul.hoffman at vpnc.org
Sun Mar 13 19:00:29 EST 2005
Please let me know if you have any changes or amplifications...
ENROLL WG
Tuesday, March 8
Minutes taken by Paul Hoffman and Don Eastlake
--combined by Paul Hoffman
Paul Hoffman and Eric Rescorla, chairs
Paul talked about the status of the WG and the very little
work that had happened on the mailing list.
Max Pritikin's draft has expired.
There have been difficulties with definitions.
Agenda: spend about a half hour on drafts, then talk about futures.
Jim Schaad discussed Max's draft
Expired: draft-pritikin-ttimodel-01.txt
It is really about introduction, not enrollment
The draft talks about the parties to be introduced and a
trusted-third-party who knows them both
"Imprint" kind of means leap of faith to trust who you see first.
Manufacturer insertion of crypto variables or the like into a
device at start is a type of third party introduction
(between device and manufacturer registration service).
Deciding whether you have single or bi-directional flow through
TTP is important
Bi-directional allows zero-knowledge stuff where maybe TTP doesn't
know if Alice and Bob agreed
Writing the model document and having a common lexicon would be
very valuable.
Hoffman: Which terms are most important to define?
Schaad:
Introduction
One-way courier and two-way courier
Third party post-verification
Hannes Tschofenig discussed his "Next Steps for ENROLL" draft
draft-tschofenig-enroll-next-steps-00.txt
Enroll touches on both imprinting and bootstrapping
These are sufficiently different that they should be treated
separately
Imprinting == procedure to equip a component with a secret value
of a cryptographic parameter.
Bootstrapping
Only fuzzy definitions available but frequently discussed in
IETF docs
EAP type protocols
SIPPING-CERT
3GPP Generic Authentication
Various MIP6
Kerberos
...
Rescorla: KDCs (Key Distribution Centers) start with strong
keying material while bootstrapping is to get to strong
material from weak material
The problem affects many WGs but general solution may be hard
Lack of a specific problem domain often confuses people
Shore: why is imprinting an IETF work?
What's the interoperability issue?
Tschofenig: Say you want to configure a laptop with some EAP
methods using a USB stick ...
Sommerfeld: the format of imprinting message is important
Shovelling around is less important
Should include octet string
There really isn't any better forum for "imprinting" work
Tschofenig: You need to know what protocol you are using
Someone: USB stick can be considered equivalent to a wire.
Rescorla: different way to think about imprinting
Have a high bandwidth channel and low-bandwidth channel
(your hands)
Low bandwidth is not IETFy
Can we do imprinting only?
You need to define a bootstrap protocol to use the
insecure channel to secure the insecure channel
Crypto is IETFy
USB stick is conduit for the low bandwidth channel
Can we get a good enough handle on low bandwidth channel
interaction methods? (We understand protocols)
Hoffman to group: Is enough work being done on imprinting and
bootstrapping elsewhere that we just need to do a definitions
document? (No hands raised.)
Joe Salowey: a fair amount of work in other WGs is happening
Some stuff is being reinvented
Maybe do a survey of imprinting to see if there is a common problem
There is probably an enrollment phase
Worries that there is a lot of duplication in bootstrapping that
would benefit from some standardization
Bootstrapping will be easier than Imprinting since there is more
work going on
Hoffman: Has anyone looked at imprinting work being done elsewhere?
Eronen did a short survey of imprinting, has a bunch
Rescorla also has a pile of papers
Hoffman proposed that a terminology document would be useful if we
don't produce anything else
Could help other WGs
Could elicit some independent model document
No volunteers came forward; maybe after the meeting
Hoffman: what about a survey of what the IETF has done so far on
bootstrapping and imprinting
Shore somewhat accepted that task
Can use Tschofenig's slides as a start
Adjourned
--Paul Hoffman, Director
--VPN Consortium