Editor's Note: Minutes received 7/21
CURRENT_MEETING_REPORT_
Reported by Doug Barlow/DEC
Minutes of the Trusted Sessions Working Group (TSESS)
The Group had drafted Julie LaMoine (MITRE) to Chair the Group at this
meeting, but she couldn't make it, so Doug Barlow filled in for her.
Mike Matthews (Addamax) presented an overview of the Addamax token
mapping service. Addamax is also planning on writing an Addamax ATN
Profile to complement the TSWG framework.
We reviewed the status of outstanding homework. Available for progress
were the following:
o The Framework Document
o The Commercial Multi-level Distributed Security (CMDS) Profile
o The MaxSix V2.0 Profile
o The DNSIX V4.0 Profile
The Framework document was approved for submission to the TSIG plenary,
with the following edits:
o The order of sections 4.1 and 4.2 is to be reversed, to conform to
the order presented in the diagram.
o In section 5, the phrase ``Addamax plans to present this'' is to be
changed to read, ``Addamax has presented this''.
The CMDS Profile was approved for submission to the TSIG plenary, with
the following edits:
o Section 2.4, last bullet, the phrase, ``supplying he local'' is to
be changed to read, ``supplying the local''.
o Section 4, the incorrect ASN.1 syntax in the first line of the
Commercial Label Exchange protocol is to be corrected to read,
``COMMERCIAL-LABEL DEFINITIONS ::=''.
The MaxSix Profile was approved for submission to the TSIG plenary (this
decision was rescinded later -- keep reading), with the following edits:
o The version number specified in the title is to be changed from
``3.0'' to ``2.0''.
o In Section 2.3, paragraph 4, the phrase ``the MaxSix Security'' is
to be changed to read, ``the MaxSix proposal for DNSIX Security''.
o A paragraph will be added explaining how to obtain the referenced
MaxSix documents, since they are not in the TSIG archives.
The Trusted Realm Environment Exchange Service (TREES) document was
approved for submission to the TSIG plenary without modification.
The DNSIX V4.0 Profile was provided as status information, but is not
yet complete, and was not considered for progression at this time.
John Batzer (ITT) told us about work he is doing on a project named
``Dragonfly''. It is a hardware-assisted session layer security
protocol which uses RSA to validate packets. As there were several
newcomers, we also provided an overview of the work the Trusted Sessions
Working Group has done.
We examined possible future paths for the TSWG. Suggested alternatives
were:
o Help other TSIG working groups utilize trusted sessions.
o Move existing applications (telnet, ftp, rcmd, etc.) to trusted
sessions.
o Work on the token mapping problem.
o Agree on a common API for operating trusted sessions.
o Work on a TSIG Security Architecture Framework.
o Provide consistent management of trusted sessions (a la MIBs).
Paul Vasquez (DIA) was invited to attend our Group and give us an update
on DIA's plans for DNSIX V3.0. Paul called for any and all TSIG
attendees to comment on the MaxSix proposal for DNSIX V3.0. Comments
must be received by the end of July. So far, out of the 22 vendors to
which DIA has made the MaxSix documents available, only IBM and Digital
have returned comments. Two other proposals for DNSIX V3.0 have been
received by DIA, the one from Addamax, and one from Digital. However,
DIA does not plan on distributing those proposals. Paul recommended
that people contact the submitters directly to obtain them. DIA would
entertain comments on the other proposals as well.
Paul went on to describe what he felt were requirements that any
proposal for DNSIX V3.0 must meet:
o IPSO (nee RIPSO) is required.
o An API specification is desirable, but not required.
o A token mapping capability is desirable, but not required.
o Backwards compatibility with DNSIX V2.1, which was originally
stated to be a requirement, isn't really a requirement, since there
are no installed DNSIX V2.1 sites in DIA to be backwards compatible
with.
The Group felt that the current TSWG method of providing a profile for
every possible DNSIX V3.0 submission did not meet the goal of
standardizing on a single solution. Hence the previous decision to
submit all completed documents was rescinded, and a vote to forward each
individual document to the TSIG plenary was taken. The results of the
voting were:
o Framework for Trusted Session Protocol -- Yes: 6, No: 0,
Abstaining: 3.
o CMDS Profile -- Yes: 6, No: 0, Abstaining: 3.
o MaxSix V2.0 Profile -- Yes: 0, No: 5, Abstaining: 4.
o TREES Document -- Yes: 5, No: 0, Abstaining: 4.
The ``No'' vote on the MaxSix V2.0 Profile is taken to be an indication
that the Group wishes to wait and see the progress of the DNSIX V3.0
specification. The Group reserves the right to reconsider this document
for submission to the TSIG plenary at a later time.
NOTE: In the closing TSIG plenary, TSIG voted to accept the submitted
documents -- Yes: 14, No: 1, Abstaining: 7. Concerns were expressed
that the profile mechanism still does not guarantee interoperability
between ALL secure systems, and that some newer people were not familiar
with the TSWG work. Doug Barlow (Digital) volunteered to present an
overview of the adopted papers at the next TSIG meeting in Minneapolis.
Attendees
Doug Barlow barlow@decwet.dec.com
John Batzer
Luc Boulianne lucb@cs.mcgill.ca
Dean Jagels dpj@sware.com
James Lin yeejang@cup.hp.com
Clifford Neuman bcn@isi.edu
Richard Newton rnewton@csd.harris.com
Paul Sangster sangster@ans.net
Paul Vazquez vazquez@dockmaster.ncsc.mil
Charles Watt watt@sware.com
W. Stan Wisseman swissema@oracle.com