2.6.12 Open Security Area Directorate (saag)

NOTE: This charter is a snapshot of the 61st IETF Meeting in Washington, DC USA. It may now be out-of-date.

Last Modified: 2004-09-07


Jeffrey Schiller <jis@mit.edu>

Security Area Director(s):

Russell Housley <housley@vigilsec.com>
Steven Bellovin <smb@research.att.com>

Security Area Advisor:

Steven Bellovin <smb@research.att.com>

Mailing Lists:

General Discussion: saag@mit.edu
To Subscribe: saag-request@mit.edu

Description of Working Group:

Goals and Milestones:

No Current Internet-Drafts

Request For Comments:

RFC3365 BCP Encryption and Security Requirements for IETF Standard Protocols

Current Meeting Report

Security Area Advisory Group (SAAG)
IETF 61, Washington, DC
Minutes compiled by Paul Hoffman and Russ Housley


Russ Housley introduced the incoming AD: Sam Hartman. Steve Bellovin recently stepped down, and Sam is replacing him.

Russ will be the shepherd for the following working groups:


Sam will be the shepherd for the following working groups:


The remaining three working groups in the Security Area are expected to be closed in the near future:


Working Group and BoF Reports

Each working group or BoF that had a meeting at IETF 61 have a very brief summary of the session. Please see the minutes for each of these sessions. The highlights are not repeated here.

Reports were given in the order that the session occurred at IETF 61:

ISMS  http://www1.ietf.org/proceedings_new/04nov/minutes/isms.html
Kitten  http://www1.ietf.org/proceedings_new/04nov/minutes/kitten.html
MSEC  http://www1.ietf.org/proceedings_new/04nov/minutes/msec.html
BTNS BoF  http://www1.ietf.org/proceedings_new/04nov/minutes/btns.html
LTANS http://www1.ietf.org/proceedings_new/04nov/minutes/ltans.html
SecSH  http://www1.ietf.org/proceedings_new/04nov/minutes/secsh.html
SASL  http://www1.ietf.org/proceedings_new/04nov/minutes/sasl.html
MOBIKE  http://www1.ietf.org/proceedings_new/04nov/minutes/mobike.html
PKI4IPSEC  http://www1.ietf.org/proceedings_new/04nov/minutes/pki4ipse.html
PKIX   http://www1.ietf.org/proceedings_new/04nov/minutes/pkix.html
KRB-WG http://www1.ietf.org/proceedings_new/04nov/minutes/krb-wg.html
INCH  http://www1.ietf.org/proceedings_new/04nov/minutes/inch.html
EasyCert BoF http://www1.ietf.org/proceedings_new/04nov/minutes/easycert.html

New Algorithm Requirements for IKEv1 (See ikev1-new-algs.ppt)

Paul Hoffman, from the VPN Consortium, gave a presentation on the cryptographic algorithsm required by the current IKEv1 documents. He covered:

* History of IKEv1 algorithms
* Agreement to deprecate DES, but it is still shipped as default
* draft-hoffman-ikev1-algorithms-01 fixes this problem by bringing the algorithm requirements up to date
* Matches the MUSTs and SHOULDs from IKEv2
* Demotes some things (like DES and Tiger) to MAY
* Is in IETF-wide last call until November 22nd

Russ Housley encouraged review and comment on the document.

NSA's Elliptic Curve Licensing Agreement (See NSA-EC-License.ppt)

John Stasak, from the US National Security Agency, gave a presentation on a royalty-free patent license for elliptic curve (EC) cryptography. He covered:

* NSA will require EC in next-generation products used by the US Government
* Very interested in low-bandwidth and low-computation properties of EC
* NSA obtained a license from Certicom for many of their patents (See Licensed-Patents.html)
* NSA wants to sub-license widely, within the field of use:
+ Implementations must be use elliptic curves over GF(p), where p is a prime number greater than 2255
+ Either NSA Approved Product or an implementation that is used for national security and is compliant with FIPS 140
- NSA may give approval for systems protecting US mission-critical national security information even if not FIPS-certified
- NSA may give licenses to non-US vendors to help interoperability with US national security information
* Covers many uses of EC (key agreement, key transport, signature, ...)
* Sublicenses extend to all distribution of covered implementation, not just the one used by the government
* NSA wants to hear from potential licensees about their interest

Q: What about crypto toolkits?
A: NSA is certainly willing to consider them

Q: What about open-source implementations?
A: If they meet the requirements, NSA will consider them

Q: What about cost?
A: FIPS-140 costs money, but NSA has no intention of charging for a sub-license. The sub-license will be royalty-free.

Certicom Toolkit for NSA Field of Use (See Certicom-EC-Toolkit.ppt)

Ross Bennett, from Certicom, reiterated what John Stasak said about the NSA license granted by Certicom. He also covered:

* A free license for the patents in the NSA field-of-use is also available from Certicom
* Or available in a Toolkit form
+ Toolkit also includes license for other patents
+ Per-project, one-time fee (no royalties)

Q: What about open-source implementations?
A: This is new, and Certicom wants to hear from folks with ideas

Open Mic

There was discussion about Security Area folks helping other IETF groups. The earlier in the process that security issues are detected, the easier it is to get them corrected.

Several people discussed requirements of security mechanisms to achieve positive deployment experience. There seemed to be general agreement among participants that security protocols that can fit into existing credential infrastructures have had better deployment experience than protocols that require a new credential infrastructure. Participants also agreed that it is desirable to create security protocols that can work with a variety of credential infrastructures. However, there are some environments, like the global DNS, where a single solution is required.

Thanks to Steve Bellovin

Big, big thank-you to Steve Bellovin for his work.


New algorithm requirements for IKEv1
NSA’s Elliptic Curve Licensing Agreement
Licensed Patents and Patent Applications
Certicom Toolkit NSA Field of Use Security Builder National Security Edition (NSE)