[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Very eary cut at strawman draft charter...

To: ietf-trust-anchor@xxxxxxxx
Subject: Very eary cut at strawman draft charter...
From: Stephen Farrell <stephen.farrell@xxxxxxxxx>
Date: Tue, 10 Jul 2007 16:17:41 +0100
List-archive: <http://www.vpnc.org/ietf-trust-anchor/mail-archive/>
List-id: <ietf-trust-anchor.vpnc.org>
List-unsubscribe: <mailto:ietf-trust-anchor-request@vpnc.org?body=unsubscribe>
Sender: owner-ietf-trust-anchor@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.4 (Windows/20070604)


Hi all,

Since we seem to be converging to some extent Sean and I, with
a bit of help from a few others (they can id themselves if
they like:-) threw together a very early strawman charter text.

Note that we did not spend time honing the text, we just got
it to the stage where we think it fairly, but not particularly
precisely, reflects the list discussion to date.

If things go well in the 1st half of the Chicago meeting, then
it might be worthwhile spending some time on this. Meanwhile
we can discuss it on the list.

As you'll see the main missing thing is the "out of scope"
list, for which I've not seen anything much on the list so far.

Cheers,
Stephen.

Strawman charter for trust anchor management (tam) BoF

Version: 01, July 9th 2007

Chair(s) 

TBD

Security Area Director(s):

-  Tim Polk <tim.polk@xxxxxxxx>
-  Sam Hartman <hartmans-ietf@xxxxxxx>

Security Area Advisor:

TBD

Mailing Lists:

General Discussion: ietf-trust-anchor@xxxxxxxx
To Subscribe: http://www.vpnc.org/ietf-trust-anchor/
Archive: http://www.vpnc.org/ietf-trust-anchor/mail-archive/

Description of Working Group:

The need for a standard protocol for trust anchor management has been
recognized for some time.  Many groups within the IETF, including PKIX,
Kerberos, TLS and SIDR have a dependency on trust anchors, yet provide no
generic mechanism for the their management.  

A trust anchor is a public key and associated data used by a relying party to
begin the process of validating a signature on a signed object. Associated data
is used to define the scope of the use of the trust anchor for validating
signatures; for example, associated data might limit the types of identifiers
in certificates that a trust anchor is allowed to validate. 

Despite the wide-spread use of trust anchors, there is no standard means for
managing these security-critical data.  This Working Group will develop a
specification to fill this gap.

The initial problem statement for this work is to be based on:

- draft-wallace-ta-mgmt-problem-statement

The scope of the work is to include:

<<list to be developed in Chicago>>
- Supporting a single trust anchor administrator, such as in a typical
  enterprise, who may be administering multiple trust anchors in her domain,
  where those trust anchors can be either local or "foreign"
- Supporting multiple trust anchor administrators, such as is typical for home
  users
- Supporting devices with limited or no user interface that may or may not have
  connected to the Internet

The following are out of scope of this work:

<<list to be developed in Chicago>>
- TBD

The deliverables will be:

- An informational problem statement/requirements specification
  for a trust anchor management protocol
- A standards track trust anchor management protocol 
  specification

Goals and Milestones:

+6 months                 WG last call on problem statement/requirements
+9 months                 Adoption of WG draft protocol spec.
+15 months                WG last call for protocol spec.

Prev by Date: I-D ACTION:draft-wallace-ta-mgmt-problem-statement-01.txt
Previous by thread: I-D ACTION:draft-wallace-ta-mgmt-problem-statement-01.txt
Index(es):
- Date
- Thread