home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Internet Info 1997 December
/
Internet_Info_CD-ROM_Walnut_Creek_December_1997.iso
/
ietf
/
wts
/
wts-minutes-95jul.txt
< prev
Wrap
Text File
|
1995-10-18
|
4KB
|
95 lines
CURRENT_MEETING_REPORT_
Reported by Charlie Kaufman/Iris
Minutes of the Web Transaction Security Working Group (WTS)
The WTS Working Group met once at the 33rd IETF on Tuesday, 18 July.
This session was the first meeting of the group as an official working
group (the group had previously met at the 31st IETF as the HTTPSEC
BOF). Charlie Kaufman, as the working group chair called the session to
order and presented the following agenda:
o Agenda Bashing
o Simon Cooper -- Presentation on RUSSL
o Doug Rosenthal -- Presentation on GSSAPI approach for WWW
o Donald Eastlake -- Presentation on DNS Security
o Simon Cooper -- Review of Web Security Requirements Document
o Allan Schiffman -- Review of SHTTP Document
o Discussion of the WTS Charter
Presentation on RUSSL
Simon Cooper of Rutgers University detailed work in progress on Rutgers
University Secure Services Library (RUSSL), an implementation motivated
by the need to provide confidential, authenticated services for HTTP and
NNTP as well as other applications. For details see:
http://www-ns.rutgers.edu/www-security/archives/0001.html
Presentation on GSSAPI Approach for WWW
Doug Rosenthal of EINET presented work in progress to explore
integration of GSSAPI with WWW clients and servers. This work is based
on an implementation of GSS/SPKM using Northern Telecom's Entrust
products to demonstrate the feasibility of an approach which is
``architecturally competitive to'' SHTTP in that it allows for
negotiation of encryption, authentication and key exchange mechanisms
between cooperating entities.
Presentation on DNS Security
Don Eastlake of CyberCash described a proposal for using some extensions
to DNS as the basis public key distribution in the WWW. Details of the
extensions can be found in:
ftp://ds.internic.net/internet-drafts/draft-ietf-dnssec-secext-04.txt
Review of Web Security Requirements Document
Simon Cooper of Rutgers University led a review of the document
draft-bossert-httpsec-req-00.txt in the context of its satisfying the
working groups charter of producing a Web Security Requirements
document. A large number of changes were proposed and agreed to at the
meeting. A few issues were left unresolved, though none seemed
unresolvable. There was consensus that we should incorporate the
changes agreed to at the meeting and resolve any remaining issues via
the mailing list within a month (i.e., by 18 August) and then propose
that the document be advanced to Informational RFC.
Review of SHTTP Document
Allan Schiffman described changes in the latest revisions to the SHTTP
document in the Internet-Draft directories. The changes did not raise
any controversies, but there was some discussion of the controversial
issue of how SHTTP might be better coordinated with MOSS. It was noted
that to some degree this was related to the harder question of
coordinating HTTP with MIME (a problem well beyond the scope of this
working group).
Future Direction of WTS
Charlie Kaufman led a discussion of the future direction of the working
group. The charter calls for finalizing security requirements at the
Stockholm meeting. We narrowly missed that milestone, but agreed to
complete it via the list within a month. It also calls for alternative
standards-track security specifications to be submitted as
Internet-Drafts by the Stockholm meeting and for a reconciled proposal
to be finalized at the Dallas IETF in December. No one expressed
objections to this timetable.
There was discussion of moving the WTS mailing list in order to separate
it from the pre-existing mailing list since the list may include people
not interested in the workings of the IETF working group. If that
happens, an announcement will go out to the existing mailing list
inviting people to join the new one.
