Minutes of the 2013-05-01 IAB Teleconference (Tech Chat & Business Meeting)
- Jari Arkko (IETF Chair)
- Bernard Aboba
- Marc Blanchet
- Ross Callon
- Alissa Cooper
- Spencer Dawkins
- Mat Ford (ISOC Liaison)
- Joel Halpern
- Eliot Lear
- Barry Leiba (IESG Liaison)
- Xing Li
- Cindy Morgan (IAB Executive Assistant)
- Andrew Sullivan
- Dave Thaler
- Hannes Tschofenig
- Mary Barnes (IAB Executive Director)
- Lars Eggert (IRTF Chair)
- Heather Flanagan (RFC Editor Liaison)
- Russ Housley (IAB Chair)
- Stephen Farrell
2. Tech Chat: The Web-based Public Key Infrastructure
Stephen Farrell and Hannes Tschofenig presented an overview on Web-based Public Key Infrastructure, building on the discussions in the recent NIST workshop, “Improving Trust in the Online Marketplace,” [http://www.nist.gov/itl/csd/ct/ca-workshop-agenda2013.cfm].
The slides presented during the IAB tech chat are available here: https://docs.google.com/presentation/d/1770WyBh1e0TcVNpAXnN7KzL7KI32muuAimCW-BEoY7Y/
Hannes Tschofenig noted that in 2011, attacks on DigiNotar, Comodo, and TurkTrust revealed that the Certificate Authority (CA) infrastructure is not in good shape. There are three main problems:
- The large number of trusted CAs means that there is a large attack surface. In addition, any CA can issue a certificate for any domain name.
- Certificate revocation is not as good as initially assumed.
- The operational practices of the CAs include certificates issued with non-qualified names, and Web PKI deviates from RFC 5280
Dave Thaler noted that the issues with certificate revocation are also applicable to DNSSEC. Stephen Farrell and Andrew Sullivan noted that in both cases, it depends on the quality of the data being signed in the first place.
Proposed solutions include:
- Reducing the attack surface by creating better name-to-certificate binding (e.g. DANE, Key Pinning) and detecting malicious certificates with Certificate Transparency.
- Improving the certificate revocation issues by fixing the performance penalty with OCSP stapling and/or changing the revocation mechanism (e.g., via DANE).
- Adding more transparency and additional guidelines to the operational practices.
Dave Thaler asked how key pinning interacts with certificate revocation. Stephen Farrell replied that if a certificate is in a bad state the first time a key is pinned, then the bad certificate will be what is saved until the key pin expires. Multiple pins and backup keys should be used; key pinning will not replace certificate revocation. Dave noted that it seemed possible to fix pinning so revocation would also update the pinned data.
Stephen Farrell noted that the proposals using DANE are very much dependent on deployment of DNSSEC.
The current Certificate Transparency experiment [http://www.certificate-transparency.org/] is working to create a database that binds names to public keys. However, since CAs are not required to publish their certificates, having a certificate not appear in the database is not necessarily proof that a certificate is malicious.
Hannes Tschofenig asked the IAB to consider what steps should be taken to progress this work, noting that there is currently not a shared vision about where to go from here. At the NIST workshop, there was interest in establishing an industry-organized initiative to develop vision, manage process, and lead deployment. Dave Thaler replied that developing the vision is very much something that can be done within the IETF.
Eliot Lear observed that this topic is relevant for the workshop on protocol deployment that he is developing for later in the year.
3. Meeting Minutes
The minutes of the 24 April 2013 business meeting remain under review.
4. RSSAC Update
This agenda item was deferred to a future IAB meeting due to time constraints.
5. IETF tutorial at the IEEE 802 Plenary meeting
The board briefly discussed the idea of the IETF presenting a tutorial during the upcoming IEEE 802 Plenary meeting. This will be discussed further with the IEEE 802 at the next IETF/IEEE 802 Coordination meeting.
6. Other Business
Cindy Morgan reminded Hannes Tschofenig to fill in the abstract and desired outcome for the “Workstyle of the IAB” topic on the agenda for the upcoming IAB Retreat.