Turner, Sean P.
2007-08-06 12:21:30 UTC
Trust Anchor Management (tam) Birds of a Feather (BoF)
69th Internet Engineering Task Force (IETF)
Chairs:
Sean Turner <turners-***@public.gmane.org>
Stephen Farrell <stephen.farrell-aVqd/T0vMsmzQB+***@public.gmane.org>
Mailing List:
ietf-trust-anchor-***@public.gmane.org
Summary:
The tam BoF was held on Friday, 27 July 2007. Approximately 120 attendees
came to the meeting in person; approximately 40 people were on jabber, some
were on both.
The BoF co-chairs conducted agenda bashing; no additional speakers were
added. Background and meeting goals were also provided by the co-chairs.
This information provided context for audience members who have not been
part of the mailing list discussion.
(Slides presented at the BoF are available at:
https://datatracker.ietf.org/meeting/69/materials.html)
Carl Wallace presented the problem statement (see "Problem Statement"
slides).
Explained the: trust anchor (TA) concept and uses, general problem and
proposal, proposed a list of functional properties, and outlined security
considerations.
Received questions regarding feasibility of doing all the items listed as
functional requirements, the threat model that might apply and the need for
confidentiality, among others.
Paul Hoffman presented non-enterprise scenarios (see "TAM Scenarios"
slides).
Provided: background, terminology information, one and/or multiple TA
administrator (TAA) scenarios, and examples of systems that need trust
management.
Received questions regarding: the vision between the user and the TAA; doing
transfer protocol, acquisition protocol, or both; whether work would be for
managing number of application information; among others.
A concern about properly scoping the problem was raised.
Raksha Reddy presented the enterprise case (no slides).
Presented the NSA/DoD view on support for this topic. The primary reason
was there are things the DoD wants to manage in their specialized space,
that would benefit from having a TA management protocol. Indicated interest
in having a collaborative effort for development.
The remainder of the time was used for open mic discussion and hums (show of
hands).
Concern raised about the apparent lack of industry/vendor support for the
concept.
Questions about whether to include devices and browsers, or limit the scope.
Comment that the Trusted Computer Group (TCG) has a lot of interest in this
topic.
Comment that vendors are not at the BoF yet because they don't know that
they need to be.
Clarification from the AD that working group formation was not the objective
of this BoF. Goal is to determine if there is a real problem, who cares
about it, and is there a constituency for it.
Comments from the government of Canada regarding:
- Title/ownership management (assurance of integrity and originator in
protocols)
- Liability management (assurance of authority in protocols)
- Protocol for concept of relinquishment (at time of manufacture, at time of
distribution, at time of use in the field)
- Protocol for policy management (reflecting on conditions of use such as
licensing arrangements, restrictions on the use of intellectual property
rights)
- Protocol for identification of liability from both the perspective of
assurance of authority and of non-repudiation (useful in establishing risk
and addressing it in appropriate business plans
Comment questioning whether trust anchor management is a subset of remote
management, is it covered by netconf?
Polling by co-chairs to determine support, results are as follows:
- About half the room in favor of the IETF working on the idea (no hands
against)
- 20 to actively work the topic
- Another 12 to review
- 10 to implement (if its of good quality)
Will take the topic back to the mailing list.
Need to get a better understanding of what "this" is (scope).
Will use the mailing list to do scoping, refine questions,
build/recruit/demonstrate more constituency.
Monitor the list to see how the group is progressing.
69th Internet Engineering Task Force (IETF)
Chairs:
Sean Turner <turners-***@public.gmane.org>
Stephen Farrell <stephen.farrell-aVqd/T0vMsmzQB+***@public.gmane.org>
Mailing List:
ietf-trust-anchor-***@public.gmane.org
Summary:
The tam BoF was held on Friday, 27 July 2007. Approximately 120 attendees
came to the meeting in person; approximately 40 people were on jabber, some
were on both.
The BoF co-chairs conducted agenda bashing; no additional speakers were
added. Background and meeting goals were also provided by the co-chairs.
This information provided context for audience members who have not been
part of the mailing list discussion.
(Slides presented at the BoF are available at:
https://datatracker.ietf.org/meeting/69/materials.html)
Carl Wallace presented the problem statement (see "Problem Statement"
slides).
Explained the: trust anchor (TA) concept and uses, general problem and
proposal, proposed a list of functional properties, and outlined security
considerations.
Received questions regarding feasibility of doing all the items listed as
functional requirements, the threat model that might apply and the need for
confidentiality, among others.
Paul Hoffman presented non-enterprise scenarios (see "TAM Scenarios"
slides).
Provided: background, terminology information, one and/or multiple TA
administrator (TAA) scenarios, and examples of systems that need trust
management.
Received questions regarding: the vision between the user and the TAA; doing
transfer protocol, acquisition protocol, or both; whether work would be for
managing number of application information; among others.
A concern about properly scoping the problem was raised.
Raksha Reddy presented the enterprise case (no slides).
Presented the NSA/DoD view on support for this topic. The primary reason
was there are things the DoD wants to manage in their specialized space,
that would benefit from having a TA management protocol. Indicated interest
in having a collaborative effort for development.
The remainder of the time was used for open mic discussion and hums (show of
hands).
Concern raised about the apparent lack of industry/vendor support for the
concept.
Questions about whether to include devices and browsers, or limit the scope.
Comment that the Trusted Computer Group (TCG) has a lot of interest in this
topic.
Comment that vendors are not at the BoF yet because they don't know that
they need to be.
Clarification from the AD that working group formation was not the objective
of this BoF. Goal is to determine if there is a real problem, who cares
about it, and is there a constituency for it.
Comments from the government of Canada regarding:
- Title/ownership management (assurance of integrity and originator in
protocols)
- Liability management (assurance of authority in protocols)
- Protocol for concept of relinquishment (at time of manufacture, at time of
distribution, at time of use in the field)
- Protocol for policy management (reflecting on conditions of use such as
licensing arrangements, restrictions on the use of intellectual property
rights)
- Protocol for identification of liability from both the perspective of
assurance of authority and of non-repudiation (useful in establishing risk
and addressing it in appropriate business plans
Comment questioning whether trust anchor management is a subset of remote
management, is it covered by netconf?
Polling by co-chairs to determine support, results are as follows:
- About half the room in favor of the IETF working on the idea (no hands
against)
- 20 to actively work the topic
- Another 12 to review
- 10 to implement (if its of good quality)
Will take the topic back to the mailing list.
Need to get a better understanding of what "this" is (scope).
Will use the mailing list to do scoping, refine questions,
build/recruit/demonstrate more constituency.
Monitor the list to see how the group is progressing.