[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Draft meeting notes

To: ietf-sacred@xxxxxxx
Subject: Draft meeting notes
From: Stephen Farrell <stephen.farrell@xxxxxxxxx>
Date: Thu, 04 Aug 2005 13:52:20 +0100
List-archive: <http://www.imc.org/ietf-sacred/mail-archive/>
List-id: <ietf-sacred.imc.org>
List-unsubscribe: <mailto:ietf-sacred-request@imc.org?body=unsubscribe>
Sender: owner-ietf-sacred@xxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511

Please find attached the draft meeting minutes.

Let me know if I got anything wrong. Anytime before
I have to post these to the secretariat is fine (I
guess that means the next week or so).

Regards,
Stephen.

Sacred WG IETF-63 Draft meeting notes

Note takers: 

Tim Moses, Stefan Santesson 
Jabber log: http://www.xmpp.org/ietf-logs/sacred@xxxxxxxxxxxxx/2005-08-03.html

(Stephen: Thanks for the excellent notes!)

Summary: 

Although sacred has completed all its chartered milestones, the results were
somewhat unsatisfactory since the WG chose not to adopt a strong password
scheme (EKE, SPEKE, etc.).  There is now a possibility that some relevant IPR
positions may have changed, so the WG met to explore this. 

Igor Faynberg (Lucent) and Robert Mol (Phoenix) took actions to clarify their
IPR positions by the end of the month.  

There was also interest in moving any new protocol from BEEP to HTTP, but only
if a strong password scheme is adopted.

Once the Lucent and Phoenix actions are done, then we will have a list
discussion to determine whether there is WG concensus to re-do the sacred
protocol to use one or more strong password schemes. 

1. Agenda:

- Agenda bashing (Stephen, TCD)
	http://down.dsg.cs.tcd.ie/misc/sacred/SACRED-AGENDA.ppt
- History (Stephen, TCD))
	http://down.dsg.cs.tcd.ie/misc/sacred/SACRED-AGENDA.ppt
- Technical Overview (Radia, Sun)
	http://down.dsg.cs.tcd.ie/misc/sacred/SACRED-TECHOV2.ppt
- PAK (Alec,Lucent)
	http://down.dsg.cs.tcd.ie/misc/sacred/SACRED-PAK2.ppt
- SPEKE (Robert,Phoenix)
	http://down.dsg.cs.tcd.ie/misc/sacred/SACRED-SPEKE2.ppt
- OPAKE (James,Docomo)
	http://down.dsg.cs.tcd.ie/misc/sacred/SACRED-OPAKE2.ppt
- Discussion (all)
- Questions to the room (Stephen)
	http://down.dsg.cs.tcd.ie/misc/sacred/SACRED-AGENDA.ppt

The meeting was chaired by Stephen Farrell. (co-chair Magnus Nystrom
was unable to attend.)

2. Stephen reviewed the history and current status of the working group.

The group was formed in 2000.  It has produced three RFCs: 3157 on
requirements, 3760 on the framework and 3767 on a protocol using DIGEST MD-5,
TLS and BEEP.  He indicated that some found this solution unsatisfactory,
largely because it demands too much infrastructure and configuration.

Strong password schemes were considered, but were rejected, largely due to IPR
concerns.

Stephen asked the group who had implemented the existing RFCs.  Only RSA
responded positively.  Stephen said that he was also aware of an academic
implementation.

The meeting had been called to discuss the way forward, in particular whether
we can get concensus to adopt a strong password scheme and disbanding the
working group.  He acknowledged that a decision would not be reached at the
meeting, but that we were aiming to be in a position to make such a decision in
the next month or so.

3. Radia Perlman gave an overview of some strong password schemes.  The
requirement is to log-on to the network from any device, without using a smart
card and without user-specific configuration of the access device.  The
solution must resist an off-line dictionary attack and eavesdropping.

Radia gave overviews of EKE, SPEKE and PDM.  She pointed out that these
protocols provided authentication and use four exchanges.  But, simply for
credential download, each protocol can be reduced to two exchanges.

Radia also overviewed alternative schemes, such as the TLS scheme currently
standardized by SACRED.

4. Gareth Richards (RSA) presented a proposal for an HTTP binding for the
existing SACRED scheme.  He said that the approach had been implemented and
proven to be practical.  The proposal relies on a "SASL over HTTP" scheme
described in a personal draft.  It had been necessary to define an error
response and a positive acknowledgment response.

Gareth listed outstanding questions: Is the approach acceptable?  What content
type should be assigned?  Should a port number be reserved?  Should the scheme
use existing HTTP error responses?

Sam Hartman indicated that the HTTP SASL draft will not advance in its current
form.  He felt that momentum for progression did not exist.

Peter Sylvester suggested that SRP should be considered.  Stephen said that SRP
had been considered in the original round.

Uri Blumenthal said that the working group should define a strong-password
scheme using HTTP.

5. Alec Brucilovsky (Lucent) described the PAK scheme.  He asserted that it
satisfies the requirements and proposed a work item to standardize it.  He said
that an open-source implementation was available under the Plan 9 license.

A working group member asked about the DoS performance, as the server was
required to perform an exponentiation prior to client authentication.  Alec
suggested a variant that would require only a multiplication.

IPR questions were raised. Sam Hartman said that he had reviewed a Plan 9
license recently and found it unsuitable for his purposes because it required
enhancements to be returned to Plan 9.  Igor Faynberg suggested that these
questions should be considered by attorneys.  He offered to present any
questions to Lucent attorneys.  Sam said the group would be interested in a
patent license, in addition to the current software license, as the IETF
process requires several independent implementations.

During the meeting, Uri consulted the advertised Plan 9 license terms.  He said
that the Plan 9 license is OSI certified.  He couldn't find a provision
requiring enhancements to be returned to Plan 9.  Uri offered that, provided
the IPR concerns can be satisfactorily resolved, PAK looks like a promising
solution.

Stephen asked the Lucent representatives to report on the current licensing
terms for EKE, in addition to PAK.  The Lucent representative should liaise
with the WG chairs (and via them, with the AD, Russ Housley) aiming to provide
a response by the end of the month.

6. Robert Mol (Phoenix) presented on SPEKE.  He gave an overview of identity
theft.  He mentioned that SPEKE helps with these issues.  It has been
standardized in IEEE P1363 and is already identified in the SPEKE framework
document.  He listed four companies that have implemented SPEKE.  Phoenix has a
roadmap for SPEKE that includes an SDK, browser plug-ins and Java APIs.

A generic Phoenix IPR declaration has been posted on the IETF Web-site.  He
showed an extract that indicated the terms were RAND.  He gave a contact at
Phoenix for commercial issues.

Sam Hartman requested that Phoenix offer an opinion concerning the
applicability of their patent to SRP.

Uri suggested that, unless the terms were RF, it would not be acceptable.  Sam
Hartman suggested that RAND may be acceptable and RF may be unacceptable, as
sub-licensing terms must be considered.  The true test is whether or not
implementers find the terms acceptable.  

Bill Summerfield (and others) said that licensing terms must clearly indicate
RF.

Stephen said we need license text that is specific to the use of SPEKE in the
implementation of an IETF specification.  Phoenix was asked to provide such
text by the end of August.

7. James Kempf (DoCoMo) gave a presentation on OPAKE.  It is based on oblivious
transfer, but uses a trick to overcome the traditional drawback of such
techniques (performance) by batching multiple challenges.

He gave performance figures for their implementation, which showed some dozens
of milliseconds on various platforms (this was for a security level equivalent
to s four digit PIN).  The technique is described in a paper, which includes a
security proof.

DoCoMo has filed for a patent.  But DoCoMo is committed to offering licenses
under RFC 1822 (Photuris) terms, which are RF.

Stephen said that the work was very new and would require (extended) scrutiny.

There were questions about IPR terms.  Radia Perlman asked for clarification.
James Kempf said that the terms were RF.  She asked why OPAKE was not
encumbered by the PAKE patent.  James suggested that the PAKE patent may be
challenged on prior-art grounds.  Charlie Kaufman suggested that DoCoMo might
establish the applicability of the PAKE patent.  James said DoCoMo was not
likely to take that on, but other attorneys may take on the task.

Uri asked about the size of the algorithm parameters: number of primes and
their sizes.  James said that the primes were 11 bits in size.  He thought that
increased security demanded more primes, rather than larger ones.  He suggested
that those interested in this aspect should consult the paper.

Ken Rayburn said that Kerberos also needs a solution to the credential download
problem.  James Kempf said that EAP also needs one.

Greg Lebovitz observed that confidence in security and IPR are the primary
discriminators for a solution.  He asked whether the technical issues should be
resolved elsewhere.  Stephen and Russ Housley both indicated that the selection
of a technique was central to the group's charter, so SACRED is the right place
to address the technical issues.

8.  Stephen canvassed working group opinion on several questions.  There was
discernible support for exploring PAK, some support for exploring SPEKE,
similar support for exploring OPAKE and likewise for exploring other schemes.
There was support for defining an HTTP binding.

Stephen asked for hums:

Modulo acceptable IPR, should the wg investigate:
	PAK - medium hum
	SPEKE - smaller hum
	OPAKE - medium hum (but recognising early-days)
	SRP/EKE/etc. - medium hum

Modulo doing one of the above:
	HTTP - strong hum for change from beep to http

Stephen asked for the following show-of-hands:

Who wants to use a new SACRED protocol?  (Abuot 50% of those present)
Who would implement a new SACRED protocol?  (~7)
Who would work actively to define a new SACRED protocol?  (~7, same folks)
Who wants to close the working group?  (1)

Stephen asked the respondent to the last question for the basis of his
position.  The person represented Microsoft and said that Kerberos had a need,
and the resources, to solve this problem and that IPR issues would be an
obstacle to the standardization of a strong password scheme, Another speaker
pointed out that this group had not demonstrated success.  Perhaps, the
Kerberos group should be allowed to solve the problem.

9. Stephen summarized.  He said that feedback from patent holders is expected
by the end of August.  Discussion on the list could then proceed and the way
forward be determined.

Prev by Date: Sacred wg agenda
Previous by thread: Sacred wg agenda
Index(es):
- Date
- Thread