Minutes of AFT WG at 45nd IETF-Oslo meeting Authenticated Firewall Traversal Working Group Meeting July 13, 1999 Osle, Norway Chaired by Wei Lu Reported by Wei Lu AGENDA Closing the revision of RFC 1928. Closing the revision of RFC 1961. Announcing the merge of AFT and STP. Review the merged charter. Outline the base protocol for the next version of SOCKS. Closing the revision of RFC 1928 Marc VanHeyningen summarized the revision of RFC 1928. Highlights of the revision are: GSS-API returned to the MUST status as an authentication method for SOCKS. Added one UDP command option and one UDP subcommand. Added CHAP as a MAY authentication method. Most likely it will be removed from the final revision. The WG agreed that after one more round of editing, the draft will move to the last call. Closing the revision of RFC 1961 Marc VanHeyningen summarized the revision of RFC 1928. Highlights of the revision are: Added SPNEGO to the GSS-API authentication. Removed "selective message protection level". There is still a pending issue, the base authentication mechanism. LIPKEY and GSS-API-Easy have been mentioned as candidates for base mechanisms. WG decided to look further into these 2 mechanisms, and agreed that the final choice will depend on CAT WG's progress on these 2 mechanisms. CAT's chair John Linn will look into this within CAT WG. Announcing the merge of AFT and STP Wei Lu announced the merge of STP into AFT. The STP related mailing list will be merged into AFT list. Review the merged charter AFT's new charter is inherited from STP's and has been sent to the AFT list. WG hasn't received any objections yet. It will be submitted to IESG for final approval soon. Wei Lu repeated the list of major working items discussed at the previous STP BOF. Improve TCP BIND support. Improve UDP proxy support. Add multicast proxy support. Use of single proxy control channel separated from data channels. Melinda Shore and most likely some others will propose additional requirements for firewall traversal of IP Telephony related applications. Jamie Jason asked whether the new AFT charter will deal with policy related issues. Wei Lu commented that just like authentication related issues, it is better for AFT to leave them to other WG's. SOCKS protocol doesn't impose any restrictions on policy management implementation. Outline the base protocol for the next version of SOCKS Wei Lu briefly made some comments on the base protocol formats for the next version of SOCKS. Instead of one address field as in SOCKS Version 5, the new protocol will include two address fields in SOCKS request/reply messages.