1993-05-18
Security Area
Director(s):
o Steve Crocker: crocker@tis.com
Area Summary reported by Steve Crocker/TIS and Jim Galvin/TIS
The Security Area within the IETF is responsible for development of
security oriented protocols, security review of RFCs, development of
candidate policies, and review of operational security on the Internet.
Much of the work of the Security Area is performed in coordination with
working groups in other areas. The Security Area Advisory Group (SAAG)
is a group of security experts which provides both consulting help to
other areas and direct management of working groups within the security
area.
The main bulk of the work for the SAAG consists of a set of formal work
items. These work items correspond to working groups within the IETF
Security Area, security relevant developments within working groups in
areas other than security, and internal SAAG work items which do not
merit the creation of formal working groups but which do need some level
of attention.
Below is the status of each of the Working Groups and/or BOFs officially
chartered or initiated within the Security Area. Immediately following
those reports is an update on other security issues as well as security
related work in other IETF areas.
Authorization and Access Control BOF (AAC)
A Charter has been submitted to the IESG. Its official ratification is
waiting for a statement indicating its relationship to other security
related activities in the IETF.
The Authorization and Access Control BOF met on Wednesday afternoon.
Common characteristics of several distributed authorization mechanisms
were discussed. The Group will compile a common list of restrictions
and/or privilege attributes sufficient to support DCE, ECMA/Sesame, and
restricted proxies, as well as the needs of applications. The
specification for an authorization API was refined with the form of
several arguments defined, and others sketched. Work items were
assigned to further refine these definitions and to specify the form of
access control list entries themselves.
Common Internet Protocol Security Option Working Group (CIPSO)
The CIPSO Working Group meets principally under the auspices of the
Trusted Systems Interoperability Group. A revised Internet-Draft was
posted for discussion at the Columbus IETF meeting. A few changes were
discussed; they were primarily structural, with some additions to provide
more detail.
The majority of the Working Group believes its work is done. Steve
Crocker will coordinate a team of experts to review the current
specification prior to its submission to the IESG for publication as a
Proposed Standard.
Common Authentication Technology Working Group (CAT)
The GSS-API base specification, GSS-API C Language Bindings, and
Kerberos Version 5 documents are to be submitted for consideration as
Proposed Standards.
The DASS document is to be submitted for consideration as an
Experimental Protocol.
The CAT Working Group met for two sessions at the Columbus IETF. The
primary agenda item was integration of security features into FTP, a
topic for which Sam Sjogren is acting as task leader and on which Steve
Lunt has generated a working document shortly to be released as an
Internet-Draft. The FTP security discussions were quite fruitful, both
in terms of providing feedback for improving the draft proposal for FTP
as well as fine tuning the GSS-API requirements and specifications.
Internet Protocol Security Protocol Working Group (IPSEC)
A Charter has been submitted to the IESG. Its official ratification is
waiting for a statement indicating its relationship to other security
related activities in the IETF.
A review of initial experimental implementations was conducted. A
preliminary list of IPSEC protocol features/requirements was discussed
and will be posted to the mailing list. There was a brief discussion of
key management issues but it was deferred to be conducted on the mailing
list.
Privacy Enhanced Mail Working Group (PEM)
The PEM specifications have been published as RFCs 1421, 1422, 1423, and
1424. This work item was officially closed at the Columbus IETF
meeting.
SNMP Security Working Group (SNMPSEC)
In conjunction with the SNMPv2 Working Group, twelve documents have been
completed and adopted by the IESG as Proposed Standards. They are
currently in the hands of the RFC editor for processing for publication.
By agreement with the new Network Management Area Director, Marshall
Rose, further work on SNMP security will be carried out within the existing
SNMP Working Group with assistance provided by the Security Area.
TCP Client Identity Protocol Working Group (IDENT)
The protocol specification has been published in RFC 1413 as a Proposed
Standard. A network management MIB document was published in parallel
as RFC 1414. Using this MIB, an SNMP client can ascertain the same
information that an Ident client can, thereby giving clients two
options for implementing this service.
This work item was officially closed at the Columbus IETF meeting.
OSI Directory Services Working Group (OSIDS) - Applications
There is no security activity in this area at this time. This work item
was officially closed at the Columbus IETF meeting.
TELNET Working Group (TELNET) - Applications
A document specifying a combination authentication-encryption option was
discussed, including replacing the individual option documents with this
one document. A revised Internet-Draft will be posted.
A Kerberos version 5 sub-option document was also discussed. A revised
Internet-Draft will be posted.
Router Requirements Working Group (RREQ) - Internet
The previous single document has been split into four documents and a
number of auxiliary documents. Philip Almquist has responsibility for
finishing the documents and submitting them to the IESG for publication.
Mobile IP Security Working Group (MOBILEIP) - Routing
If there existed an IP security option, Mobile IP would not have to
create its own. This raises the question of what the relationship
between this security work item and the IP security work item is. This
will be addressed in a document to be posted to internet-drafts.
Audio/Video Transport Working Group (AVT) - Transport
This activity will be reviewed to identify the security issues for the
Amsterdam meeting.
Domain Name System Working Group (DNS) - Transport
A subcommittee will be created to deal with security issues. A mailing
list will be created for use by the subcommittee.
Trusted Network File System Working Group (TNFS) - Transport
The TNFS Working Group meets principally under the auspices of the
Trusted Systems Interoperability Group.
No progress to report.
Integrated Directory Services Working Group (IDS) - User Services
This activity will be reviewed to identify the security issues for the
Amsterdam meeting.
Export Control Issues
Vint Cerf and Steve Crocker need to press forward on drafting a
document.
IP: The Next Generation
A plan for processing a security review of the competing next generation
proposals will be drafted for the Amsterdam meeting.
ITAR Publication
An on-line version of the U.S. International Traffic in Arms Regulations
(ITAR) will be created. In addition, it was noted that the ISSA
published a summary of U.S. export law that would be useful to include.
Key Management Strategies
A review of key management strategies and activities will be drafted for
the Amsterdam meeting.
Network Database Privacy
There is no activity in this area. This work item was officially closed
at the Columbus IETF meeting.
PEM and MIME Integration
The meeting began with discussions of implementation status and
deployment strategies. There will soon be PEM implementations available
in the UK and Germany as a result of work under the EC PASSPORT program.
Interoperability testing is in progress. In support of the Internet
certification hierarchy RSADSI and TIS announced the availability of
PCAs.
In addition to the PEM and MIME integration, the use of email addresses
in distinguished names and the relaxation of the trust model for the
current hierarchy were discussed, but no consensus was reached. The PEM
and MIME integration was also not settled since there was a fair amount
of disagreement about the issues. A revised Internet-Draft will be
posted.
Random Number Generation Issues
A document has been posted as an Internet-Draft that identifies the
issues to be concerned about when generating random numbers. However,
the document does not have a conclusion on how to generate random
numbers given a set of requirements. A revision will be prepared.
Routing Security Plan
Radia Perlman will submit a brief white paper identifying the issues.
Security Area Architecture
A short description of the relationship between the IETF security
activities will be drafted for the Amsterdam meeting.
Working Group Liaison Checklist
A checklist for use by security liaisons to working groups that will
assist in tracking progress will be drafted for the Amsterdam IETF.