KEYPROV WG Meeting 3-11-08
==========================

Meeting Minute Taker: Andrea Doherty
Co-Chairs: Hannes Tschofenig, Phillip Hallam-Baker

The KEYPROV WG met once for two hours during the 71st IETF. Approximately 30 individuals participated in the meeting.

KEYPROV WG Specifications

* DSKPP – Andrea Doherty
************************
(Refer to slides)

An interim meeting was held in Bedford, MA on Feb 6/7, 2008 that included the authors of all working group documents. All issues from the issue tracker were addressed.

An IEEE P1619.3 liaison report was presented by Matt Ball (chair).

Phillip Hallam-Baker spoke with Lisa Dusseault (Apps Area) regarding registering algorithm IDs on the IANA site. She agreed to do this.

There is a small set of items that are simple to address and will be done in the next draft:

- Extend the scope of the MAC for integrity protection. Phillip Hallam-Baker agreed that the MAC should cover the message/payload rather than being included only for key confirmation.
- Complete the IANA Considerations section. Phillip Hallam-Baker said that Lisa Dusseault agreed that algorithm IDs can be registered on the IANA Web site.

Andrea asked whether the DSKPP SOAP binding should be added as a working group item; an I-D (now expired) already exists. Pasi Eronen (newly appointed AD) would like to see the current work wrapped up first: there could be a lot of work to get to the IESG, especially considering how long the work is taking. After the current documents go to the IESG, we can consider adding ct-kip-ws as a WG item.

Hannes said that Tim Polk has a student who has agreed to do the reference implementation.

* PSKC – Philip Hoyer
*********************
(Refer to slides)

Philip described the controversy on the mailing list regarding the use of XML for describing key metadata. The goal was to describe name-value pairs in a way that is familiar to crypto programmers and well aligned with the ASN.1 I-D (Symmetric Key Package Content Type). The method for extending the schema to support new attributes is still to be defined.

Discussion at the microphone:

- Sean Turner (co-author of the Symmetric Key Package Content Type I-D): Doesn’t think updating the base spec every time you want to add attributes is good.
- Hannes: Extensibility is an issue. There is no IANA Considerations section in the document. We have to come up with a way to extend the attributes; we can’t anticipate all of them. Hannes posted two approaches to the XML directorate and they preferred
- Phillip Hallam-Baker: We need to look at an 80/20 approach. In most cases, slotting in a new algorithm can be handled by relying on an existing structure. Where we can rely on more structured data for the extension slot, rely on “any”. Separate these types of cases out from the fewer situations where we can’t rely on an existing structure. The extension model could be shared across KEYPROV and other WGs; it leans toward SAML 2.0, where you have a tag-value slot and “any” for extensions.
- Philip Hoyer: Referring to the SAML Attribute assertion schema, perhaps we can leverage the “NameFormat” attribute (of type “anyURI”) to point to a new element.
- Sean Turner: Prefers attribute name-value pairs as they are easier to map to the ASN.1 key package content.
- Russ Housley: We need attributes that are extensible and algorithms that can be registered. Keep them separate.
- Pat Cain: Look at IODEF (the IETF XML spec for exchanging information about security incidents).

Outstanding issues:

Philip asked the room whether “string” should be used to represent Plaintext Values. Sean Turner asked whether people will care in the final spec. Philip said that it doesn’t really matter.

Regarding the issue of registering algorithm IDs, Pat Cain mentioned that IANA is down the hall and Philip could ask them directly what they need.

Philip Hoyer pointed out that HSMs don’t all support key-wrap algorithms (e.g., kw-aes128). Therefore, he stated, we should include older algorithms (e.g., aes128-cbc) that don’t include integrity checks as mandatory-to-implement. When such an algorithm is used, the ValueMAC must be included.

By mid-April there will be an update to the spec.

* Symmetric Key Package (ASN.1) – Sean Turner
*********************************************
(Refer to slides)

Only two items need to be addressed per the interim meeting: add use cases, and make sKey optional. Sean could have an update by the end of the week.

Hannes reminded Sean about referencing the attribute list from PSKC. The next draft will point to the appropriate section of PSKC.
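The PSKC point above (aes128-cbc as mandatory-to-implement because some HSMs lack kw-aes128, with the ValueMAC required whenever it is used) is an encrypt-then-MAC arrangement: CBC gives confidentiality only, so the MAC is what lets a receiver notice a modified key value. The Go program below is an added illustration written for these minutes; it is not KEYPROV or PSKC code and does not follow the PSKC schema. The EncryptedValue struct and its field names, the choice of HMAC-SHA256 as the MAC, PKCS#7 padding, and the sample seed and keys are all assumptions. It shows the verify-before-decrypt order and why it matters: flipping one bit of the IV changes one bit of the recovered key with no decryption or padding error, and only the ValueMAC rejects it. The same principle (integrity covering the whole payload, checked before anything is used) is what the DSKPP item on widening the MAC scope is about.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// ErrBadMAC is returned when the ValueMAC does not verify; the ciphertext is
// never handed to the CBC decryptor in that case.
var ErrBadMAC = errors.New("ValueMAC verification failed")

// EncryptedValue is a minimal stand-in for a PSKC encrypted key value plus its
// ValueMAC. Field names are assumptions for this example, not the PSKC schema.
type EncryptedValue struct {
	Algorithm   string // "aes128-cbc": confidentiality only, no integrity
	CipherValue []byte // IV || CBC ciphertext of the PKCS#7-padded key
	ValueMAC    []byte // HMAC-SHA256 over CipherValue under macKey
}

func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("bad padded length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize {
		return nil, errors.New("bad padding byte")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// WrapKey encrypts keyValue with AES-128-CBC under encKey and computes the
// ValueMAC over IV||ciphertext (encrypt-then-MAC). A nil iv draws a random one;
// a caller-supplied IV exists only to make the example reproducible.
func WrapKey(encKey, macKey, iv, keyValue []byte) (EncryptedValue, error) {
	block, err := aes.NewCipher(encKey) // 16-byte key selects AES-128
	if err != nil {
		return EncryptedValue{}, err
	}
	if iv == nil {
		iv = make([]byte, aes.BlockSize)
		if _, err := io.ReadFull(rand.Reader, iv); err != nil {
			return EncryptedValue{}, err
		}
	}
	if len(iv) != aes.BlockSize {
		return EncryptedValue{}, errors.New("iv must be one AES block")
	}
	padded := pkcs7Pad(append([]byte(nil), keyValue...), aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	cv := append(append([]byte(nil), iv...), ct...)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(cv)
	return EncryptedValue{Algorithm: "aes128-cbc", CipherValue: cv, ValueMAC: mac.Sum(nil)}, nil
}

// cbcDecrypt is the confidentiality-only step. On its own it cannot tell a
// tampered CipherValue from a genuine one.
func cbcDecrypt(encKey, cv []byte) ([]byte, error) {
	if len(cv) < 2*aes.BlockSize || len(cv)%aes.BlockSize != 0 {
		return nil, errors.New("malformed CipherValue")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv, ct := cv[:aes.BlockSize], cv[aes.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

// UnwrapKey verifies the ValueMAC in constant time before any decryption.
func UnwrapKey(encKey, macKey []byte, ev EncryptedValue) ([]byte, error) {
	mac := hmac.New(sha256.New, macKey)
	mac.Write(ev.CipherValue)
	if !hmac.Equal(mac.Sum(nil), ev.ValueMAC) {
		return nil, ErrBadMAC
	}
	return cbcDecrypt(encKey, ev.CipherValue)
}

func main() {
	// Constructed sample material: a 20-byte OTP seed and two 16-byte keys.
	seed := []byte("12345678901234567890")
	encKey := []byte("0123456789abcdef")
	macKey := []byte("fedcba9876543210")

	ev, _ := WrapKey(encKey, macKey, nil, seed)
	fmt.Println("CipherValue:", base64.StdEncoding.EncodeToString(ev.CipherValue))
	fmt.Println("ValueMAC:   ", base64.StdEncoding.EncodeToString(ev.ValueMAC))
	got, err := UnwrapKey(encKey, macKey, ev)
	fmt.Println("unwrap ok:", err == nil && bytes.Equal(got, seed))

	// Flip one IV bit: CBC alone returns a key with one bit changed and no
	// error, while the ValueMAC check rejects the value outright.
	ev.CipherValue[0] ^= 0x01
	silent, _ := cbcDecrypt(encKey, ev.CipherValue)
	fmt.Printf("without MAC: %q\n", silent)
	_, err = UnwrapKey(encKey, macKey, ev)
	fmt.Println("tampered rejected:", errors.Is(err, ErrBadMAC))
}
```

The MAC key here is separate from the encryption key, which is the usual encrypt-then-MAC discipline; a receiver that shares only a wrapping key cannot derive integrity from CBC itself, which is exactly the gap the ValueMAC requirement closes for the aes128-cbc case.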