
RE: Proposed Enroll Charter

Looks OK. I've noted a couple of typos in line in the draft.

Thanks,
Donald

PS: As of last Friday, my office location and work phone
number have changed.
========================================================
Donald E. Eastlake 3rd,        Home:  
Motorola Laboratories          155 Beaver Street
111 Locke Drive,               Milford, MA 01757
Marlborough, MA 01752 USA      dee3@torque.pothole.com
Donald.Eastlake@Motorola.com
1-508-786-7554 (w)             1-508-634-2066 (h)


-----Original Message-----
From: Russ Housley [mailto:housley@vigilsec.com]
Sent: Tuesday, 30 September, 2003 10:13 AM
To: iesg@ietf.org
Cc: ekr@rtfm.com; phoffman@vpnc.org; Eastlake III Donald-LDE008
Subject: Proposed Enroll Charter


I have updated the proposed charter based on the comments from 
Harald.  Anyone else have comments or concerns?

Russ

= = = = = = = = =

Chairs:	Eric Rescorla
  		Paul Hoffman

Security Advisor:
		Don Eastlake

There are many cases where a service consumer needs to contact a
service provider to get credentials that the consumer can use when
accessing the service; part of this initial contact may involve
the consumer and the provider mutually validating the other's identity.
This working group will look at some of the cases where cryptography
is used to provide authentication.

When doing enrollment of a service consumer against a service provider,
three pieces of information need to be provided or created in order to
support authentication of the service consumer to the service provider
(and vice versa) and to allow for additional security services to be
provided for any information exchanged.  These pieces of data are:

   1.	An identifier, within a namespace controlled by the service
	provider, for the service consumer.
   2.	Keying information to be used for identity confirmation.
   3.	A set of service consumer permissions.  These permissions
	describe to the provider the services that the consumer
	wants to access, and they describe to the consumer what
	services offered by the provider that will be accessible.
                                       ^^^^ (extra word)

Each of these data items could be created by either the consumer or
provider at any point during the enrollment process.

This group will create a model to be used in describing enrollment
procedures and create a document for a framework for how this is to be done.
The group will then produce three documents profiling the use of the
framework for for the following types of keying material:
              ^^^ (duplicate word)

   1.	A shared secret key.
   2.	A bare asymmetric key.
   3.	A bound asymmetric key (such as an X.509 certificate).

As part of the validation of the framework, the group will examine how
other real world enrollment procedures could be profiled.  For example,
credit card information might be part of the input to the enrollment
process.

Goals and Milestones:

Nov 2003	First draft of model
Feb 2004	Last call on model document
Feb 2004	First draft of Framework document
Jun 2004	Last call on module document
May 2004	First draft of secret key profile
May 2004	First draft of bare asymmetric key profile
May 2004	First draft of bound asymmetric key profile
Oct 2004	Last call on secret key profile
Oct 2004	Last call on bare asymmetric key profile
Oct 2004	Last call on bound asymmetric key profile