[Previous] [Next] [Index]
[Thread]
Minutes of WTS session at Stockholm IETF
The following is a proposed draft of minutes for the WTS session of the
Stockholm IETF. Many thanks to Randy Catoe for taking notes and preparing a
first draft. I've incorporated my recollections in this version. I believe the
due date is Friday 8/4, so please send comments and corrections to me or the
list as appropriate before then.
-----------
Minutes of the IETF meeting of the Web Transaction Security Working Group,
Stockholm, July 18, 1995
This session was the first meeting of the group which had previously
met as www-security. Charlie Kaufman, as the working group
chair called the session to order and presented the following
agenda:
Agenda Bashing
Simon Cooper - Presentation on RUSSL
Doug Rosenthal - Presentation on GSSAPI approach for WWW.
Donald E. Eastlake 3rd - Presentation on DNS Security
Simon Cooper - Review of Web Security Requirements Document
Allan Schiffman - Review of SHTTP Document
Discussion of Charter for Web Transaction Security Working Group
Details:
Simon Cooper of Rutgers University detailed work in progress on
RUSSL ( Rutgers University Secure Services Library ), an implementation
motivated by the need to provide confidential, authenticated services for
HTTP and NNTP as well as other applications. For details see
http://www-ns.rutgers.edu/www-security/archives/0001.htm.
Doug Rosenthal of EINET presented work in progress to explore
integration of GSSAPI with WWW clients and servers. This work
is based on an implementation of GSS/SPKM using Northern Telecom's
Entrust products to demonstrate the feasibility of an approach
which is "architecturally competitive to" SHTTP in that it
allows for negotiation of encryption, authentication and key
exchange mechanisms between cooperating entities.
Don Eastlake of CyberCash described a proposal for using
some extensions to DNS as the basis public key distribution
in the WWW. Details of the extensions can be found in:
ftp://ds.internic.net/internet-drafts/draft-ietf-dnssec-secext-04.txt
Simon Cooper of Rutgers University led a review of the document
draft-bossert-httpsec-req-00.txt in the context of its satisfying the
working groups charter of producing a Web Security Requirements
Document. A large number of changes were proposed and agreed
to at the meeting. A few issues were left unresolved, though none
seemed unresolveable. There was consensus that we should
incorporate the changes agreed to at the meeting and resolve any
remaining issues via the mailing list within a month (i.e. by August 18)
and then propose that the document be advanced to Informational
RFC.
[** It would be nice to include a brief summary of the changes
agreed to, but I don't have a list. Simon - do you?**]
Allan Schiffman described changes in the latest revisions
to the SHTTP document in the internet draft directories. The
changes did not raise any controversies, but there was some
discussion of the controversial issue of how SHTTP might
be better coordinated with MOSS. It was noted that to
some degree this was related to the harder question of
coordinating HTTP with MIME (a problem well beyond the
scope of this working group).
Charlie Kaufman led a discussion of the future direction of
the working group. The charter calls for finalizing security
requirements at the Stockholm meeting. We narrowly missed
that milestone, but agreed to complete it via the list within
a month. It also calls for alternative standards track security
specifications to be submitted as I-Ds by the Stockholm
meeting and for a reconciled proposal to be finalized at the
Dallas IETF in December. No one expressed objections to
this timetable.
There was discussion of moving the WTS mailing list in
order to separate it from the pre-existing mailing list since
the list may include people not interested in the workings of
the IETF working group. If that happens, an announcement
will go out to the existing mailing list inviting people to join
the new one.