Stephen Farrell | 2 Aug 23:05 2000

draft minutes


Hi All,

My slightly edited version of Ernie's notes is
attached (thanks Ernie). Corrections accepted 
until the 8th.

Regards,
Stephen.

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 647 7406
61 Fitzwilliam Lane,                    fax: +353 1 647 7499
Dublin 2.                mailto:stephen.farrell <at> baltimore.ie
Ireland                             http://www.baltimore.com

Draft Minutes of the IETF sacred BOF session, 
Aug 1, 2000.

Ernie Brickell agreed to act as note taker.

Magnus Nystrom, cochair of the BOF, gave presentation on Setting the Scene, 
which motivated the need for a standard to allow users to remotely access 
credentials.  

Al Arsenaut gave perspective from wireless PKI.  Points that were stressed 
were:

stephen.farrell | 9 Aug 13:47 2000

minutes of meeting


All,

I corrected the spelling of Al's name (sorry Al) and added the
fact that we'd about 110 people present - otherwise same as 
last time.

Stephen.

Minutes of the IETF sacred BOF session.

We met for an hour on Tuesday, Aug 1. Approx. 110 people
attended (not bad given the collision with TLS).

Ernie Brickell agreed to act as note taker.

Magnus Nystrom, cochair of the BOF, gave presentation on Setting the Scene, 
which motivated the need for a standard to allow users to remotely access 
credentials.  

Al Arsenault gave perspective from wireless PKI.  Points that were stressed 
were:
*   People want to access their credential from multiple and different
    devices
*   Users want to have a consistent and convenient method for accessing
    their credential
*   Speaker would prefer if credential was in a hardware device, but
    realistically, there is a need for a software mobile credential
*   The standard must support direct transfer so that a user can directly

Stephen Farrell | 24 Aug 19:00 2000

tweaked charter


Hi All,

Hope you all had nice vacations (I did!), but now we're
back to the sacred grindstone.

The ADs are looking for a final charter suggestion from 
us, and I've told them they'll have it on Monday.

I've done another slight tweak on the text from Pittsburgh, 
which gives you a day to send your last charter comments (as 
suggested alternate text, anything else is liable to be 
ignored), and then we can send it off and get to work.

Cheers,
Stephen.

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 647 7406
61 Fitzwilliam Lane,                    fax: +353 1 647 7499
Dublin 2.                mailto:stephen.farrell <at> baltimore.ie
Ireland                             http://www.baltimore.com

Securely Available Credentials (sacred)

Chairs:      


Walker, Jesse | 24 Aug 20:42 2000

RE: tweaked charter

Steven:

Great job. I think it reflects the discussion from the BOF very well.

Here are two very minor and one major nits:

	While it is possible that a single protocol can be
	developed for both types of solution, two different
	protocols may be needed: one for interacting with a
	"credential server"; and the other to facilitate the
	"direct" transfer of credentials.

I'd like "While it is possible..." to be replaced with "While it might be
possible..." or something similar, unless someone demonstrates a single
protocol that on analysis actually does provide both functions securely.

	In general, the security provided by such systems
	will be less than is provided in systems using hardware
	tokens, as the hardware tokens tend to be more resistant
	to improper inspection and modification.

It is not evident to me why smart cards are categorically more secure than
the mechanisms the WG may provide. Could you either elaborate or else
soften the language?

	Security is at a premium for this working group; only
	authorized clients should be allowed to download
	credentials; credentials must be protected against
	eavesdropping and active attacks; attackers must not be
	able to successfully replace an entity's credentials at a 

Stephen Farrell | 24 Aug 21:40 2000

Re: tweaked charter


"Walker, Jesse" wrote:
> 
> Steven:
> 
> Great job. I think it reflects the discussion from the BOF very well.

Thanks.

> 
> Here are two very minor and one major nits:

What's a major nit:-)

> 
>         While it is possible that a single protocol can be
>         developed for both types of solution, two different
>         protocols may be needed: one for interacting with a
>         "credential server"; and the other to facilitate the
>         "direct" transfer of credentials.
> 
> I'd like "While it is possible..." to be replaced with "While it might be
> possible..." or something similar, unless someone demonstrates a single
> protocol that on analysis actually does provide both functions securely.

Fine.

> 
>         In general, the security provided by such systems
>         will be less than is provided in systems using hardware

Walker, Jesse | 24 Aug 22:46 2000

RE: tweaked charter

Thanks.

-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell <at> baltimore.ie]
Sent: Thursday, August 24, 2000 12:41 PM
To: Walker, Jesse
Cc: ietf-sacred; xme
Subject: Re: tweaked charter

"Walker, Jesse" wrote:
> 
> Steven:
> 
> Great job. I think it reflects the discussion from the BOF very well.

Thanks.

> 
> Here are two very minor and one major nits:

What's a major nit:-)

> 
>         While it is possible that a single protocol can be
>         developed for both types of solution, two different
>         protocols may be needed: one for interacting with a
>         "credential server"; and the other to facilitate the
>         "direct" transfer of credentials.
> 
> I'd like "While it is possible..." to be replaced with "While it might be

