* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Tokbind Status Pages

Token Binding (Active WG)
Sec Area: Eric Rescorla, Benjamin Kaduk | 2015-Mar-24 —  
Chairs
 
 


IETF-102 tokbind minutes

Session 2018-07-20 1150-1320: Centre Ville - Audio stream - tokbind chatroom

Minutes

minutes-102-tokbind-00 minutes



          Tokenbinding IETF 102
          ---
          
          - John Bradley noted (with a dancenumber on stage) that all core documents
          are now in the RFC Editors Q
          - Brian Cambell presented status and recent changes for the TTRP draft
            + Ask for WGLC ?
            + Dick Hart supports the TTRP at mic
            + Stefan Santesson (at mic) - is there a need to authenticate the token
            binding by the origin? Can this be done with an extension in the future?
            + BC - there should be trust between the Origin and the TTRP. There
            was no apetite at present to deal with a general trust mechanism betwen
            proxies and origins.
            + LJ - consensus to take this to the HTTP wg: write a draft!
            + Martin Thompsson: too many options and there is no text in the
            draft. This is needed.
            + MT: do a WGLC!
            + Chairs hum and the WG decided to start a WGLC at this time
          - Giri Mandyam on Attested TLS Token Binding
            + New revision during the week. Good feedback. Talk through motivation
            and approach in draft.
            + Erik Nordmark (EN): why define a TPM 1.2 keystore and not a TPM
            2.0 one?
            + GM: a TPM 1.2 version was determined to be enough - open to
            suggestions
            + Eric Rescorla commented on a discussion on signature algoritm -
            the algoritm used in the cert doesn't fully overlap with signature
            algoritm  parameters. A missmatch of the async key type is an error.
            + Discussion on the question of using a separate TLS extension
            codepoint.
            + Andrei Popov (at mic) points out the proposal doesn't solve the
            problem - the problem of how you negotiate attestaion with extensions
            is much more complex and the extension codepoint is not helpful.
            + GM: agree this is not very expressive - asking the WGs feedback on
            weather it is useful to even try to negotiate extensions.
            + AP: overkill to negotiate extensions - no use for this
            + Discussion at the mic about how to "suppress" attestation. ERK notes
            that lots of TLS extensions leak information. The way to avoid that is
            not to announce the extension. Others (AP, MT, LJ) supported that view.
            + MT on open questions: no on first 2 questions (cf previous
            discussion). No on advertising trust anchors - not done anywhere else.
            + AP: another open issue is the use of the EKM to authenticate
            attestations. Attestations probably have lifetimes longer than TLS
            connections.
            + GM: EKM seems like low hanging fruit
            + AP: attestation statement don't need to be generated every time -
            those signatures need their own attesting key, maybe a signature over
            the tokenbinding key
            + MT: agree - contextualize the signatures
            + GM: agree
            + AP: need to avoid signing oracles in the design!
            + EKR and LJ: this will require re-charter
          - Open MIC
            + Fetch status update from Jeff Hodges - the original PR to Fetch
            was closed and a new PR was opened. Jeff is comitting to doing a
            review. Getting closer.
          
          



Generated from PyHt script /wg/tokbind/minutes.pyht Latest update: 24 Oct 2012 16:51 GMT -