Secure Internet Key Distribution BOF (siked)

Tuesday, March 19 at 1700-1800
===============================

CHAIRS: Edward Lewis
        Jakob Schlyter

DESCRIPTION:

Secure Internet Key Distribution (SIKED)

This effort has a goal of understanding and possibly defining a protocol
or set of practices for supplying public keys to elements of other
protocols. The rationale for this goal is to enable security enhancements
of existing protocols. Keying material must be dynamically refreshed to
maintain secure states; one of the stumbling blocks in making security
work is the distribution and refresh of this material.

The general problem of key management is beyond the scope of this effort.
For example, the generation and derivation of keys are beyond scope, as is
the encoding of keys, whether raw or in certificates. Determining a generic
approach to trust is also out of scope. The effort is strictly looking at
how key distribution can be made to scale on the Internet.

The effort will begin with a few distinct efforts, with the early goal of
a requirements document. The first actions of the effort are to understand
the various protocols that can benefit from a distribution of keys, and
how this interacts with each protocol as the protocol is currently
defined. In addition, a few proposed approaches will be explored, as well
as documentation of limitations on proposed mechanisms.

There is no guarantee that there is one and only one approach to key
distribution. There are already divergent approaches and this effort is
not going to argue with them.

Documents (proposed assignments, not all will be taken up):

>Definitions and Scenarios - Simon
>Survey of Applications Using Keys - Wes
>Appkey: A DNS-based approach - Jakob
>RESCAP-based approach - Keith
>DNS Considerations: Lessons Learned in the DNS WGs - Ed
>SSH Key Considerations - Rodney

AGENDA:

1. Open meeting and welcome

2. Scribe and blue sheet

3. Introduction                                         Ed Lewis

4. Documents

   4.1 Discussing Application Public Keys in the DNS    Ed Lewis
       http://www.ietf.org/internet-drafts/draft-lewis-siked-dnsargs-00.txt

   4.2 Notes on Application Key Distribution            Wesley Griffin
       http://www.ietf.org/internet-drafts/draft-josefsson-siked-framework-00.txt

   4.3 Storing application public keys in the DNS       Jakob Schlyter
       http://www.ietf.org/internet-drafts/draft-schlyter-appkey-02.txt

5. Other presentations

   5.1 XKMS                                             Phillip Hallam-Baker

   5.2 NAPSTR: A constrained use of NAPTR and SRV RRs   Leslie Daigle
       for domain-based service location                Andrew Newton
       http://www.ietf.org/internet-drafts/draft-daigle-napstr-00.txt

6. Charter discussion

7. Next steps