Subject: IETF Security Area Advisory Group (SAAG) meeting notes
List: tech-security
Date: 11/11/1999 19:44:09
Mime-Version: 1.0
Message-Id: <v04210100b450b7c8c7d8@[204.254.20.18]>
Date:	Thu, 11 Nov 1999 14:42:55 -0500
To:	tech-security@netbsd.org
From:	Erik Fair <security-officer@NetBSD.ORG>
Subject: IETF Security Area Advisory Group (SAAG) meeting notes
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

The Internet Research Task Force (IRTF, an adjunct to the IETF, 
reporting to the IAB) has constituted a research group (Secure 
Multicast Group - SMuG) to look into security issues in IP Multicast, 
come up with design guidelines, and experiment with protocols. When 
the experiments are mature enough, they'll be handed over to the IETF 
for standardization.


Working Group Reports

AFT - no meeting

CAT

Java GSS-API was the major topic for discussion. Kerberos documents 
are getting some small revisions, but are going to "last call" soon.


IPSEC - Ted Ts'o

Two issues: SNMP MIBs for IPSEC, and Public Key Infrastructure 
(PKIX); since IPSEC is the first consumer of PKIX, they're hitting 
all the teething problems.


IPSP BOF - IP Security Policy

No report, but substantive discussion.


IPSRA BOF - IP Security Remote Access


Micropayments BOF - J.I.

Presentation from W3C about how to present E-commerce on the web.
Presentation from IBM about a mechanism to bill back for transactions.
J.I. presented his own scheme for micropayments.
No consensus on working group charter - what work to do?
Probably one more BOF at the next IETF meeting.


PKIX -

Briefing from X.509 WG chair who had just returned from a meeting in 
Copenhagen. Technical details of changes accepted were presented. 
RFC 2459 has some bugs in it; time to discuss a son-of-2459.
Discussion of Elliptic Curve crypto for signing being folded into a draft.
Discussion of online certificate revocation checking - there are lots 
of ideas for how; time to settle on one.
Briefing on work being done in the European Electronic Signature Group.


S/MIME -

Five RFCs now at Proposed Standard; doing a matrix for testing to get 
to Draft status.
Several documents in WG Last Call.
Continued work on Security Labels.
Another presentation about European ESG, with particular emphasis on 
how to make electronic signatures legally binding - they were 
encouraged to publish.


SYSLOG BOF - Marcus Leech

Many fine presentations, but lack of focus until the end when there 
was input from the floor about how to deal with the problem of secure 
logging in an insecure network. This was mostly about the UNIX syslog 
protocol, which is not really a standard right now. Eric Allman was 
there, and was interested in participating in the effort to 
standardize it.


TLS - Win Treese

Drafts are now or will shortly be at IESG for IETF Last Call; now 
working on Draft status for TLS. Updating WG charter.


XMLDSIG - Donald Eastlake

Joint IETF/W3C WG. The requirements doc is in last call at W3C, and 
will be in IETF last call shortly. The WG follows IETF rules.

A quick word about DNS - DNSSEC and DNSIND are being merged; they're 
trying to get their documents out the door.

SNTP - no meeting

Need help - document editor.


Presentation:
Integrity Aware PCBC Encryption Schemes
Virgil Gligor <gligor@eng.umd.edu>, U of Maryland EECS
This work was recommended by Steve Bellovin; the goal is an integrity 
check and encryption in one pass over the data. It is patented, but may 
be made available for royalty-free license. Paper will be made available 
on the web.


Open Mike Time - Jeff Schiller

Bill Simpson - NASREQ is doing a lot of the same kind of security 
considerations that IPSRA wants to do; NASREQ has already done them. 
There will be a dinner to hash over security requirements between 
these two, and two other WGs.

Last night's plenary discussion about Wiretapping Protocols made the NYT.

Meeting adjourned.