Minutes of IETF-WTS Meeting
I have been seriously remiss in not getting these out. The due date for the
IETF proceedings is Friday. Please send corrections immediately.
--Charlie
(charlie_kaufman@iris.com)
--------------
The WTS working group met on Wednesday morning December 6th. There were a
series of presentations.
Simon Cooper went over a few last wording changes in the requirements document,
and there was consensus that as soon as they could be incorporated into an I-D,
we should go to working group last call with the intention of advancing the
document to Informational RFC. There was no significant controversy.
Simon also announced that the working group mailing list would be moved to
wts-wg@postofc.corp.sgi.com (requests to wts-wg-request) instead of using the
www-security list that predated the working group and that we commandeered. The
intent is that participants in the working group would automatically get listed
on the new list, but the logistical details of making that happen were not
spelled out.
Doug Rosenthal presented the status of his GSSAPI-WWW work. He has Windows and
Mac browsers and a modified httpd server that implement it with a public key
based (SPKM) GSSAPI toolkit. He recently published the spec as an I-D. The
system is being deployed in a commercial environment and he would like to
eventually advance the spec to Internet Standard. There was no discussion of a
proposed schedule. There was some discussion about the availability of public
domain implementations of SPKM, and about how this interacts with PEP. There was
some confusion around the difference between GSSAPI the API, and GSSAPI the
implied protocol spec for the underlying mechanisms.
Rohit Khare gave a presentation on PEP, a general extension mechanism for
HTTP. PEP could be used to encode security extensions to HTTP instead of using
an encapsulating protocol like SHTTP or GSS-HTTP. The existing protocols could
probably be converted to this alternate syntax without extensive modifications
to their crypto and parsing engines. The W3C is building reference code and
there is an I-D for PEP.
There appeared to be consensus that SHTTP was sufficiently far along in
deployment that it should continue toward standardization without PEP
integration, but that PEP integration would be an important thing to look at in
the not too distant future.
Allan Schiffman and Eric Rescorla played tag teams for a presentation on SHTTP.
Allan hinted that there are multiple SHTTP implementations conforming to the
spec, but could not give details. There was some discussion of the
desirability of getting some of these other implementations to give
presentations on them at the next IETF. The SHTTP spec has been nearly stable
since before the WTS working group was formed and is nearly ready for
advancement to Proposed Standard. There are a handful of open issues around the
ways the world is evolving under the spec. SHTTP supports two encodings: PKCS-7
and PEM. (There was a third, PGP, but it was removed for lack of interest).
There was a discussion of whether MOSS should be substituted for PEM, and the
consensus was that it should be if it is technically feasible. SHTTP used some
of the secret key encodings of PEM that are missing from MOSS, and Eric
Rescorla volunteered to write up those differences as a proposal into MOSS so
that SHTTP could use it. There was consensus that SHTTP should be advanced as
soon as possible - possibly before the next IETF - if we can resolve the
remaining issues on the list.
--------------
Also-- if you gave a presentation at the meeting and would like to get your
slides included in the proceedings, here's how:
Minutes and slides for the 34th IETF Proceedings will be due no
later than Friday, December 22.
Instructions on submitting material for the IETF Proceedings
can be obtained via the WWW:
http://www.ietf.cnri.reston.va.us/instructions/instructions.htm