Provisioning of Symmetric Keys WG
=================================

XMPP WG Agenda - IETF 75, Stockholm
Tuesday, 28 July 2009, Session 1: 0900-1130
Room: Large Auditorium

Meeting Agenda Available at: http://www.ietf.org/proceedings/75/agenda/xmpp.txt
Jabber Logs Available at: http://jabber.ietf.org/logs/keyprov/2009-07-30.txt

Jim Schaad took notes. Sean Turner chaired the meeting.

Sean presented WG status slides, available at
http://www.ietf.org/proceedings/75/slides/keyprov-0.ppt. There are three
active Internet Drafts (IDs). All three IDs will be discussed during the
meeting. Of note, the second working group last call (WGLC) for the Portable
Symmetric Key Container (PSKC) ended on 6/27.

Sean also presented slides (available at
http://www.ietf.org/proceedings/75/slides/keyprov-1.ppt) on the PSKC ID,
which were produced by Philip Hoyer. The current version (-03) addressed
comments received during the 1st WGLC. Changes include:

- Tweaks to the schema that address comments from the IETF 74 whiteboard session
- Require the generated MAC key to be encrypted with the transport key
- Corrected examples with properly generated values
- Aligned the introduction with the DSKPP spec
- Added the new W3C DerivedKey element to PBE

Comments were received on the -03 version; however, all are considered
minor. Comments include:

- Adding clearer descriptions for DeviceBinding and UserId
- There needs to be alignment with PBE
- Instead of "mandatory", use "must"

The corresponding algorithm document will be updated. The next step is to
produce a -04 version. This version will then be provided to the security
area director.

Comments received during the meeting:

- From Hannes: there are no mandatory algorithms.
- From Ming: a reference implementation is available.
- From Hannes: another may be in the works.

Sean also presented slides on the ASN.1 Symmetric Key Package Content Type,
which can be found at http://www.ietf.org/proceedings/75/slides/keyprov-2.ppt.
A -05 version was published shortly before IETF 75, but it was just a
keep-alive version that included no technical changes. Version -06 will
include the ASN.1 version of the XML elements and attributes. The one issue
raised was whether there should be one attribute or multiple attributes. No
comments were received.

Magnus Nyström presented slides on the Dynamic Symmetric Key Provisioning
Protocol (DSKPP), which can be found at
http://www.ietf.org/proceedings/75/slides/keyprov-4/keyprov-4.htm. He first
presented a primer on the DSKPP protocol itself and then addressed the status
of the ID. Version -08 incorporates comments received on version -07, which
included:

- Alignment with PSKC
- Changed MACAlgorithm
- Updated conformance requirements
- Changed AuthenticatedDataType->ClientId to optional

Comments received include:

- What is the timeframe for the next version? The next version should be out
  soon, and then WGLC should be issued.
- Alexandros(?) asked what the best use for these types of protocols is.
- Magnus replied that they are used to establish a shared secret for later
  use, typically between a mobile device associated with a person and a
  server.
- Alexandros(?) asked what the best use is in a big company: firewall keys,
  or just clients joining some server network?
- Magnus replied regarding the number of servers to be provisioned - can you
  use this as well? Yes, you could, but you need to remember that there is
  user authentication in the protocol - you need to figure out who is really
  there. A server with a certificate could then generate/transport new key
  material - but you could use the cert in that case. Better for user devices
  than automatons.
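The PSKC discussion above is about a container that carries a provisioned symmetric key (secret, counter, algorithm) to a device. The following is an added example, not part of the minutes and not the working group's reference implementation: it parses a constructed, unencrypted PSKC container modelled on the element names of the PSKC specification (KeyContainer, KeyPackage, DeviceInfo, Key, Data, Secret, Counter) and then uses the extracted secret to compute an HOTP value, so that "provisioned key used later" is visible end to end. The sample container, the device serial and the key Id are constructed values; an encrypted Secret (EncryptedValue) is rejected rather than silently ignored, since decrypting it would require the transport key the minutes refer to.

```python
import base64
import hashlib
import hmac
import struct
import xml.etree.ElementTree as ET

PSKC_NS = "urn:ietf:params:xml:ns:keyprov:pskc"

# Constructed sample container (not from the minutes): one HOTP key with an
# unencrypted PlainValue secret and a starting counter of 0. The secret is
# the ASCII string "12345678901234567890", base64-encoded.
SAMPLE_PSKC = """<KeyContainer Version="1.0" Id="exampleID1"
    xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
  <KeyPackage>
    <DeviceInfo>
      <Manufacturer>ExampleManufacturer</Manufacturer>
      <SerialNo>987654321</SerialNo>
    </DeviceInfo>
    <Key Id="12345678" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
      <Issuer>ExampleIssuer</Issuer>
      <AlgorithmParameters>
        <ResponseFormat Length="6" Encoding="DECIMAL"/>
      </AlgorithmParameters>
      <Data>
        <Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret>
        <Counter><PlainValue>0</PlainValue></Counter>
      </Data>
    </Key>
  </KeyPackage>
</KeyContainer>
"""


def parse_pskc(xml_text: str) -> list:
    """Extract the provisioned keys from an unencrypted PSKC container.

    Returns one dict per Key with id, algorithm, secret (bytes), counter and
    digits. Raises on a non-PSKC root, a missing secret, or an encrypted
    secret (which would need the transport key to recover).
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}KeyContainer" % PSKC_NS:
        raise ValueError("root element is not a PSKC KeyContainer")
    ns = {"pskc": PSKC_NS}
    keys = []
    for pkg in root.findall("pskc:KeyPackage", ns):
        key = pkg.find("pskc:Key", ns)
        if key is None:
            continue  # a KeyPackage may carry only DeviceInfo
        if key.find("pskc:Data/pskc:Secret/pskc:EncryptedValue", ns) is not None:
            raise NotImplementedError(
                "Secret is encrypted; the transport key is needed to unwrap it")
        plain = key.find("pskc:Data/pskc:Secret/pskc:PlainValue", ns)
        if plain is None or not plain.text:
            raise ValueError("Key %s has no PlainValue secret" % key.get("Id"))
        counter_text = key.findtext(
            "pskc:Data/pskc:Counter/pskc:PlainValue", default="0", namespaces=ns)
        fmt = key.find("pskc:AlgorithmParameters/pskc:ResponseFormat", ns)
        digits = int(fmt.get("Length", "6")) if fmt is not None else 6
        keys.append({
            "id": key.get("Id"),
            "algorithm": key.get("Algorithm"),
            "serial": pkg.findtext("pskc:DeviceInfo/pskc:SerialNo", namespaces=ns),
            "secret": base64.b64decode(plain.text.strip()),
            "counter": int(counter_text.strip()),
            "digits": digits,
        })
    return keys


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then the low `digits` decimal digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def next_otp(entry: dict) -> str:
    """Compute the OTP for the key's current counter (the server would then
    advance and persist the counter after a successful verification)."""
    return hotp(entry["secret"], entry["counter"], entry["digits"])


if __name__ == "__main__":
    for entry in parse_pskc(SAMPLE_PSKC):
        print(entry["id"], entry["serial"], next_otp(entry))
```

The secret in the sample is the RFC 4226 test-vector key, so the first OTP it yields (counter 0) is 755224, which lets a reader check the parse-and-use path against a published value without any transport-key handling.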