Olga Kornievskaia | 3 Oct 2006 17:33

[67th IETF] SPKM3 BOF announcement

We would like to announce the following BOF for the 67th IETF meeting.

BOF name: NFSv4 and Low Infrastructure Public Key Based GSS Security Mechanisms
Area: Security Area
Chair: Jeffrey Hutzelman

If this topic is of interest to you please email your questions and 
concerns to the mail list (spkm <at> ietf.org).

Problem Statement:

    The NFSv4 protocol has a need for low infrastructure PKI based GSS 
security mechanism(s) that provide for the creation of a secure channel 
using mutual authentication where    
    1) both user and server authenticate with public key certificates
    2) server authenticates with public key certificates, and the user 
authenticates with a username and password.

Current State:
    RFC3530 "Network File System (NFS) version 4 Protocol" mandates the 
use of RFC2847 "LIPKEY - A Low Infrastructure Public Key Mechanism Using 
SPKM". While RFC2847 fulfills the requirements of the problem
statement, there are areas where RFC2847 is outdated and/or 
underspecified. Furthermore, RFC2847 both replaces and refers to portions 
of RFC2025 "The Simple Public-Key GSS-API Mechanism (SPKM)" and is 
confusing to implementers. Nonetheless, there are two implementations 
(Hummingbird and Linux) based upon RFC2847. 
draft-adamson-rfc2847-bis-01.txt, an update of RFC2847, is intended to 
address RFC2847 shortcomings and provide a complete specification that 
doesn't need [RFC2025] and that replaces [RFC2847]. 

Agenda:
    1) Need for a low infrastructure PK based GSS security mechanism for 
NFSv4
        - what is low infrastructure
        - existing markets
        - current implementations
    2) draft-adamson-rfc2847-bis-01.txt
        - issues brought up by IESG review
            - naming
            - algorithms
            - which diffie-hellman
            - clarify protocol security claims
            - whole document review
        - backwards compatibility with RFC2847 based implementations
    3) moving forward
        - finish draft-adamson-rfc2847-bis-01.txt
            - get draft into shape to submit for IESG comments.
            - find reviewers
            - explore alternative GSS mechanisms
