Last Modified: 2004-09-07
|RFC3365||BCP||Encryption and Security Requirements for IETF Standard Protocols|
Security Area Advisory Group (SAAG)
IETF 61, Washington, DC
Minutes compiled by Paul Hoffman and Russ Housley
Russ Housley introduced the incoming AD: Sam Hartman. Steve Bellovin recently stepped down, and Sam is replacing him.
Russ will be the shepherd for the following working groups:
Sam will be the shepherd for the following working groups:
The remaining three working groups in the Security Area are expected to be closed in the near future:
Working Group and BoF Reports
Each working group or BoF that had a meeting at IETF 61 have a very brief summary of the session. Please see the minutes for each of these sessions. The highlights are not repeated here.
Reports were given in the order that the session occurred at IETF 61:
BTNS BoF http://www1.ietf.org/proceedings_new/04nov/minutes/btns.html
EasyCert BoF http://www1.ietf.org/proceedings_new/04nov/minutes/easycert.html
New Algorithm Requirements for IKEv1 (See ikev1-new-algs.ppt)
Paul Hoffman, from the VPN Consortium, gave a presentation on the cryptographic algorithsm required by the current IKEv1 documents. He covered:
* History of IKEv1 algorithms
* Agreement to deprecate DES, but it is still shipped as default
* draft-hoffman-ikev1-algorithms-01 fixes this problem by bringing the algorithm requirements up to date
* Matches the MUSTs and SHOULDs from IKEv2
* Demotes some things (like DES and Tiger) to MAY
* Is in IETF-wide last call until November 22nd
Russ Housley encouraged review and comment on the document.
NSA's Elliptic Curve Licensing Agreement (See NSA-EC-License.ppt)
John Stasak, from the US National Security Agency, gave a presentation on a royalty-free patent license for elliptic curve (EC) cryptography. He covered:
* NSA will require EC in next-generation products used by the US Government
* Very interested in low-bandwidth and low-computation properties of EC
* NSA obtained a license from Certicom for many of their patents (See Licensed-Patents.html)
* NSA wants to sub-license widely, within the field of use:
+ Implementations must be use elliptic curves over GF(p), where p is a prime number greater than 2255
+ Either NSA Approved Product or an implementation that is used for national security and is compliant with FIPS 140
- NSA may give approval for systems protecting US mission-critical national security information even if not FIPS-certified
- NSA may give licenses to non-US vendors to help interoperability with US national security information
* Covers many uses of EC (key agreement, key transport, signature, ...)
* Sublicenses extend to all distribution of covered implementation, not just the one used by the government
* NSA wants to hear from potential licensees about their interest
Q: What about crypto toolkits?
A: NSA is certainly willing to consider them
Q: What about open-source implementations?
A: If they meet the requirements, NSA will consider them
Q: What about cost?
A: FIPS-140 costs money, but NSA has no intention of charging for a sub-license. The sub-license will be royalty-free.
Certicom Toolkit for NSA Field of Use (See Certicom-EC-Toolkit.ppt)
Ross Bennett, from Certicom, reiterated what John Stasak said about the NSA license granted by Certicom. He also covered:
* A free license for the patents in the NSA field-of-use is also available from Certicom
* Or available in a Toolkit form
+ Toolkit also includes license for other patents
+ Per-project, one-time fee (no royalties)
Q: What about open-source implementations?
A: This is new, and Certicom wants to hear from folks with ideas
There was discussion about Security Area folks helping other IETF groups. The earlier in the process that security issues are detected, the easier it is to get them corrected.
Several people discussed requirements of security mechanisms to achieve positive deployment experience. There seemed to be general agreement among participants that security protocols that can fit into existing credential infrastructures have had better deployment experience than protocols that require a new credential infrastructure. Participants also agreed that it is desirable to create security protocols that can work with a variety of credential infrastructures. However, there are some environments, like the global DNS, where a single solution is required.
Thanks to Steve Bellovin
Big, big thank-you to Steve Bellovin for his work.