Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Internet Engineering Task Force / 107 / 27 Mar 2020
Internet Engineering Task Force / 107 / 27 Mar 2020
Previous Meeting
Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: IETF107-SECDISPATCH-20200327-1950

Description

SECDISPATCH meeting session at IETF 107
2020/03/27 1950

https://datatracker.ietf.org/meeting/107/proceedings

A

Okay, it's time to start, let's not wait! Welcome everybody you're, an effective patch working group, meeting, IDF 107 virtual meeting. So if you could go to the first slide, please.

A

So, just a reminder that this meeting is recorded.

B

Franchesca, which sorry, which lies beyond the.

A

First, one so just to remind everybody, they're there to turn off the video and also your microphone unless you're speaking, use, WebEx chat to join the mic you and only to join the mic. You any other conversation, please move it to the jabber. Ask you to I will add you to do to the Q and minus Q to remove you. Please remember to sign your name and affiliation in the ether pad the link. Is there also kathleen posted it? And yes, please do join join the job, a room.

A

I also want to ask you to state your name before speaking, even though kathleen will be introducing you and if you can speak, feel free to use the jabber room and with mike and your comment will be reported via audio.

A

We are looking at the jabber chat, so if you use plus one in the jabber chat, please make sure to write down what you are, what your plus one is for, so that we can keep track, but also, let's try to keep the what you think is important conversation in the microphone, so that also the presenter doesn't miss. What's being said in the jabber chat, but if you have clarification questions of course you can post them there.

A

Also, let's try to make the discussion at the end of the presentation. The this will hopefully help the presenters to go through the presentation in a shorter time and for the speakers today we were thinking if you can to keep the presentation, 15, 10, 15 minutes and the rest for the discussion. That would be great and next slide.

A

So, yes, this is an IETF meeting and the note well applies. Please take the time to read and understand the ITF roof and in particular those about IPRs and disclosure.

A

Next slide: yes, we are infected patch next slide. Here is a bunch of useful links that are also posted everywhere by now. Next, yes, we have a new wiki, so we started to set up this sac dispatch wiki.

A

This is just a place to just to help out to have a useful discussion, so there are guidelines for effective participation, the SAC dispatch working group. This is mostly for people who are not aware of how dispatch working group works, but- and it may be good- to have some some form of template, also for asking for a presentation slot in one place or please take a look, and if you have some feedback and comments or something that you might want to add there, please let the chairs know or also feel free to edit yourself.

A

Yes, next slide the dispatch process, so this is a dispatch working group, so this working group does not adopt draft. It recommends next step for new work, so these are the possible outcomes so directing to an existing working group propose a new working group ad sponsorship.

A

Itf should not work on this topic or additional discussion is required. So please keep these outcomes in mind when you listen to a presenters today and when also when you ask for for question next slide. So here is the agenda for today. So we are in the first slot. We ended intro right now, then we have Stefan presenting SVT, then Brian will take. We talk about client certificate, HTTP, header and Kristy in will talk about IOC and the role in attack defense and finally, Rick will present adding fasl to HTTP.

A

If there any agenda bashes before we start looks like Roman Denis, you have one: oh go.

C

Ahead, Roman.

D

Hi I just would this is Roman I just wanted to go back to where you were talking about the wiki and kind of thank you in there and the other kind of co-chairs for putting that up. I think it's really critical for us of the ITF can make it easy to find the right entry way to get work started or to talk about work, and, while I appreciate that some of it some of the content there is, like you said, not targeted at folks that know how the process works.

D

I think it really will help folks that are a little less familiar with that process, so again really +1. Thank you for doing that. I think it's quite helpful. Thank.

A

You Roman, yes and I should also mention that right now, that is in linked from the data tracker page, the sec dispatch data tracker page and I will so posted it in the main list. Yeah. Thank you Roman.

A

So, if they're in there is no comments on the agenda, I think we can start and go ahead with the first person finishing.

E

The intros and starting- and there are a hundred and twenty four people on the way back and we.

A

Can hear you IRA, so you should meet your felt re, no problem.

F

Sorry give me one minute to get the slides up.

A

No, you should we are. We are early, so thank you're done.

F

All right, yeah, Stefan, ok thank.

G

You Stefan Santos on is my name and I'm here to present the signature validation token, which and offer that as an input to the ITF process, I personally think it's a very, very exciting topic and the basic idea behind this was initiated or started more than 10 years ago, and when Etsy tried to address the long term. Signature validation in what I found was a very backwards manner and that I think was doomed to fail and it still has not succeeded, and until now many people haven't cared about the long term.

G

Validation and I have to be say that most of the time have been one of them, but recently this has become a very, very important topic. You can move to the next slide, so this is all about being able to validate signatures in a distant future, and can you switch to the next slide slide? Please, if it's possible.

G

So the goal is to have a very, very simple solution, instead of a very complex solution for validating signatures in a distant future, and recently this has become a very, very focused topic, especially in government agencies where there are legal departments are pressuring them in order to make full use of electronic signed documents in favour of instead of having paper-based signed documents, and many agencies find themself in a void with no mature standards and develop services to rely on and they are forced to invent their own solutions.

G

Many times is just about having some kind of log that this document was actually with. His number actually was verified and signed, and that's all they have, but there is a pressure in order to to get something that works, but the complexity of current solutions is a big deployment. Blocker next like this.

G

So in order to talk about history, we have always sort of approached the problem like the time-machine approach, and that is, we have defined the standard so that we can do the validation in current time. In order to do that, validation in current time in the future, we have to build a time machine. That brings us back to a moment in time where the signature was fresh, the certificates were trusted and the algorithms were secure go to the next slide.

G

So there are three things that you want to achieve in order to do that time, machine one is to establish a time when the signature action existed, where all of these checks can actually be done. That means in that time you can prove that the certificates were valid, and you can also prove that the document you're looking at right now is matching the signature that existed at that time.

G

At this time, the algorithms in use were still is considered secure, and it's important that you have. Actually you need to prove that that document you're looking at is that document that was covered by the signature, because, if you're looking at the time when the algorithms are no longer secure, you may present another document that you found in recent times. That would match the old signature and you can full the system that other way.

G

So next slide, please to do this trick turns out to be a very, very complex thing, and this is a very much simplified picture.

G

First of all, we have this certificates that support the signature in order to prove that they were valid at the time you need to have stored, revocation data such as OSes PCL responses there, so CSP responses and revocation lists, and in some countries you actually have national as these piece, not the one that are signed directly by the CA issuing the cert, but a national level, CSP responder, supported by its own searching, which can make things very, very complex and hard to validate in the future, to prove the time, there's normally a timestamp of the signature itself and then in order to prove that the document existed, you do the archive time, stamping that's the timestamp to the left and all of this needs to be supported by certificates, and then you may have many a cascade of archive timestamps when the certificates supporting the first time expires.

G

You need a new one and such, and you may also have a document with many signature, and this multiplied all the time in, in the worst case scenario, failing to validate approve the validity of one of these signed objects, fail the whole chain of proof next slide.

G

So the obvious problems of the time machine approaches that is very, very complex. None of the timestamp services actually do any validation of the signature itself. It's all designed to bring you to the point where you can validate the original signature and the current standards are incomplete. For example, there is no requirement to store certificate, supporting revocation data. It is voluntary and you may actually need that data in order to prove a is a full chain of evidence.

G

Eventually, a proof of this time will will crumble under its own weight and will be impossible to to uphold in the future at some point in the future. It will be too complex to to to do that validation in any within a certainty next slide.

G

So the idea here is that we need a new paradigm. We need to do this much much simpler and next slide. There are three basic IDs in order to achieve this. First of all, to remove the time machine, so the die idea is to have a token that does not do a times machine trick, but actually is an assertion that the signature was checked according to a certain policy in when the signature was fresh, and this this token can be signed with a secure algorithm that survives beyond the certificate validity period.

G

So it would remove also the need to validate any of the original cryptographic primitives. So the original signature, algorithms in original hash algorithms do not have to be used anymore once you have the svt. The third thing is that you achieve this by one single sign statement. The SAT itself signed by one currently trusted key and using one current trusted algorithm and when in the future and SAT might become old, you can replace it with a new one. So next slide.

G

So this looks quite easily a quite simple structure, so we have a typical sign documents which have a signature, and the signature contains some kind of signature context with this, which is a a a excerpt of what is signed and the hash over the signed data. What algorithms are used in transforms and so forth, then there is a signature value actually computed over the signature context.

G

Then there is a certificate supporting the signature, so in the signature validation token, which is a JSON web token with claims- and there are hashes over the signed document, there is hash over the signature context. There is a hash of the signature value and there is a hash over the certificates used to do the verification because of those hashes, you don't have to use the cryptic crypto algorithms of the original signature.

G

Once you have this statement, it includes a statement about verified times that were checked and statements about validation, results that was done by trusted validation service. So this is like you: do the validation by a trusted service once and then you store that validation result in the token and you no more have to validate the original signature next slide.

G

This can be do very, very small and very very efficient. This is a well I made the hash values a little bit shorter for a good presentation, but this is actually complete, claim set of a signature, validation, token. It contains the time of issue and and issue, and it has two claims about one signature and and that's pretty much all. It is next slide.

G

We're basically two profiles, but suggestion also also a possibly a third one for how to do this. In PDF documents in XML signatures and in the PDF document case where the next signature covers the old signature and makes it complex to add data to previous signatures, we suggest to add a document timestamp where the signature validation token. The SAT is just an extension inside the timestamp and we have running code. This works perfectly fine with no problems in XML.

G

The signatures are more atomic and can live by themselves, and we would suggest to include the signature validation token in an object inside the signature itself and as this unsigned data, and we would also think that it was much possible to do this in a JVs document gave your signature as.

A

An.

G

Unprotected header and that's up to discussion next slide.

G

And that's important to remember that the SVT token does not claim that the signature is valid. It only claims that the trust service, a performed, the valid process B to validate the signature and came to the conclusion C and the important know difference- is that that claim never changes. The fact that a did the validation process, B and came up with results C is true.

G

Whatever happens in the future, while singer to validity can be something that we can change in the future, so that we are aiming at making a signed statement of something that will never change in the future. That's something we can always say. Once you have issued this statement, that statement will never be false. It never has to be expired or have any expiration date. Actually you can. It can be valid for as long as the cryptographic algorithms Kansas can support it. Next slide.

G

Some of the criticisms we have had in the discussions with external parties is some people have a hard time to believe how I could trust a token SAT token, what if the verifier is not trusted and so forth, and our counter claim here is that you are even worse out with a traditional time-machine approach, because in the traditional time machine you have to trust statements from many many many trust services, and if one of them is false, your chain of proof falls here.

G

You have one trusted service, doing a trustworthy validation process when the evidence is fresh, and that is better evidence to the judge than then coming up with all these complex collection of signed objects. So what if the SVT gets too old and we see no problems of issuing in US city based on an old one, you can simply replace it. Some people say it's obviously better to be able to validate the original signature than to rely on a statement that it was valid. We run this through lawyers and I.

G

Think that that is, if you look closely into the proof, is it very much easier to present the evidence that a trusted third party service who made the validation of the service is a better evidence than trying to to come up with? Can play a complex change? The proof next slide.

G

And why would I trust your validation service? It's also important that it is not designer. Typically, that's the SVT. It is the relying party after receiving the document verifying the document and wanting to archive its own evidence is going to turn to the SVT issue, its self trust and then add it to the document after the signature was created. So it's not about I, create my SVT and everybody needs to trust the ones that the signer provided.

G

It's the relying part in the verifier, typically that that's this do I have to use special tools in order to make this document work. No, the solutions we have for PDF and xml will work with any standard xml process and any standard PDF and a standard PDF reader would just see this. As a document, timestamp will see those strange things with it. Any applications who actually understand it can take it it's further and use it as a validation tool. So next slide.

G

So the status is that this is a government funded, funded research project in Sweden right now, but it's more than actually a research project. It's actually also developing a document that will be considered as a sweetie standard for for government agencies.

G

Specifications are available on github and we are creating open-source and we actually right now have running code for PDF and XML in Java and open source for production. Radio, open source will be available and it's funded to be developed and available at latest in September this year. Next slide.

G

So why ITF well I think, first of all, it's based on the short format. Maybe that's the bad argument, but it can support IDF signature formats like CMS and JVs they're, actually, no other standards organization that is doing this and IDF have done similar work in the past.

G

If you're looking at evidence records and such things with L tents, I, don't know if that's a good argument either, but it is a very important subject and this solution is may be simple enough to be a nice thing to make into a a standard document and- and it would be a good thing to have at least something standardized that can be a counterbalance to the time-machine approach, which I think is destined to die under its own complexity sooner or later.

G

Next slide. Where would I like to see this? The only group existing I can think of is lamps, so I have no other proposal than that. Maybe it fits. Maybe it doesn't. That would be very good to have your inputs, and that was my last slide and it's open for questions comments.

G

Great.

C

We have one of our ABS vendata up. First hi.

H

This has been Caidic, so I found it kind of interesting that, at the start of the presentation you talked about being able to in the future validate a signature, and then we sort of transitioned in the latter half of the talk to the safety proposal, which is more about knowing that in the future that this signature was valid. Now and I. Think these are related concepts but they're slightly different and they have slightly different semantics.

H

So I think it's unclear whether we should be doing this work until we know what the actual requirements are for the people. That would be using this if they're more concerned about knowing in the future that the signature is in fact, still a valid signature issued at that original time or if they only need to know that the signature was valid at the time was made or at the time that the SAT was made and with my apologies to the people behind me in the queue but Mike Bishop had mentioned in the jabber.

H

A very interesting point that I will repeat on his behalf, which is that if we treat this not as a proof that the signature is good, but we have in learn, stood like making a note to ourself or noticed people that trust art ourselves, that we have checked the signature. That's sort of get a third different, subtle, different semantics that we could be assigning and that might actually be more palatable to be able to reason about what.

G

That's very, very, very, very interesting comment and the first time I've heard it in that way and you're absolutely sure in in in that sense, that we're making a statement that we actually performed a validation process which is not very diff from having a revocation statement or analysis key statement, because that is also a statement of the validity of of some of the proofs here.

G

But but we do have the hashes overall, the signature elements in order to prove that they are accurate and we have a statement that the signature itself has been validated and you can also check the to the crypto primitives if you want to using the old gal Griffin's. So the idea is, of course, to establish the fact that the signature was valid and is valid. As the lawyer we are talking to stated to us, every signature is valid one side. They never become unvalidated.

G

And at the time when they were written, they never become unvalidated.

H

Particular legal case, the the two distinctions I was making are collapsing into being equivalent I.

G

Would think so, but I'm not I would think so. Yes, okay.

H

I was just sort of going at this from an example that was also mentioned in the jabber room about like if I have the title to a house or the D to a house, you know and I go to sell the house in 20 years. What is the actual property that I need? Do I need the signature on that the deed to be valid, while I'm selling it sort of intuitive these things like the the key property to have, but if.

A

You have a legal.

H

Perspective that's equivalent to the signature having been valid in the past yeah, then maybe there's not a problem now.

G

Did this this turns into more illegal than a technical discussion? I'm, not a lawyer, but but all the lawyers were talking to claims that the signature never becomes invalid. It may be the fact that you bring you proof to the table that the signature was never a fact valid, and it was never in fact signed by the person who claimed and I can bring those evidence, but you can ever come to a conclusion that it was valid when signed, but some mysterious way it became invalid.

G

So the only thing I have to prove is the fact that the signature was validated successfully at a certain point in time, and that makes it valid forever.

H

Okay, yeah cuz, I use from the legal perspective. That's a different way of thinking about signatures than were used to in cryptography. For yes,.

G

Yes, so this is like a way of supporting the fact that that the signature was checked during all of the evidence that were available at the time and it was actually validly signed by this person.

G

These were the things that we rechecked and you can add all of those data into it if you want, but the most important thing is the conclusion, which is a lot better than a lot of government agencies are doing today, because they don't, they just have a log with a number reference to the document, with no cryptographic integrity of the document whatsoever. Right.

H

Okay, let's move on to eckers question.

D

Hey Eric with Borla hi, Eric, Chris Carla.

E

um So um I guess my question so as I understand it, the design here is intended to protect against, in part against compromised of the key material of the UM of the message design, the real message right.

G

Tell you the last thing once more: the.

E

In part, this is intended to protect against to compromise the king mature or you to sign the original message right.

G

Or.

E

Downwards.

G

Yes, that's that's part of it, because if, if the original algorithms become broken, it becomes so much harder to validate the original signature, and it's very correct requires so much supporting evidence right.

E

On what about having lives of the algorithms used on ESET, then.

G

You have to before they got compromised issue in u.s. city or protected by block chaining or any other method that makes the compromised non feasible to exploit right.

E

So I guess I'm trying to figure out is there's nothing like no. Are we back to the same problem before we can starting to see.

G

You would believe that it's the case but I claim no because in there regional a case you still need to validate original signatures. So you need the whole chain of troop to go back to the time where you actually could validate. It prove that this was the date I did validate and so forth. In this case, we have a statement at the validation process took place, so I can replace this completely with a new one.

G

I don't even have to save the whole one, so the new SVT will replace the old one and you don't have the cascading complexity here.

E

I'm going to send it down, I'm, not persuaded I.

G

Understand I wasn't I had to think about it for a long time, but that's my conclusion today and I understand it's not easy sell, but but but if we sit down, I think I might be able to persuade you that you could do this trick without Freight. Think of the cascading complexity, but it.

E

Sounds good thanks? Yes,.

C

Okay, next step is Romania before.

A

We move on just to say that clarification questions are great. Thank you for bringing those up, but also please, let's try to remember that we are asking for feedback on The Dispatch questions, so those are very appreciated. The.

G

Blockchain came up right away there. Well, this is not a blockchain proposal. I promise you.

C

Women hi.

D

Hi I wanted to get a better sense of how much work there is here. I mean it kind of hearing you kind of talk through it. There's the core underlying kind of approaches, and then it seemed like there are a bunch of profiles that would need to be made. Am I reading that correctly, yeah.

G

I there is a basic there is a basic standard or specification for the token itself, but you need to profile how you include the token in every type of sign document like PDF and XML and for each type of signed document. You need a profile, and so so that's that's correct. Yes,.

D

Got it so that with that intuition into what for chance, Francesca just said, I think since you had lamps up there, this seems like a more substantial body of work. I, don't know whether we could easily jam that in there I.

G

Fully understand that that you're coming to this profiling issue, where you want to stick the profile you could have, it could be something in my thought. It could be something like the scene in which is no longer active, but it was a token oh I lose through the word, but but the the protected token bearer token. That is, that is in other standards as well. You might have the basic profiles in one one group and you might have the the other profiles in other groups. If you, if the need arises.

C

Okay, next step, we have and I'm cutting the queue just for tank that time considerations. We have been Swart hi.

E

Ben Schwartz, so if I am V, if I am that I think TSA, we called it, and somebody comes to me with an RSA 512 signature from 1998. What am I supposed to do with it? If.

G

You if, if, if you can't verify it, you can't issue an SAT for it. The idea with this university is to do it when the evidence is fresh and trustworthy, and that clearly does not seem like a trustworthy signature to me.

E

Okay, so the TSA has some kind of policy yeah.

G

Yeah yeah yeah, exactly the the the standard itself does not produce, claim or or or enforce any policy it just gives a blank sheet for you to say, I did the validation according to this policy, and this was the conclusion and and if you have a policy, a very low-level policy that we did this validation of this very insecure signature. We came to this conclusion. You can do that, but the point of doing that is sort of very small.

E

Okay, I think I think that's clear enough. Thanks.

A

Okay, so I think that Melissa every.

C

Ten times, okay, sorry.

B

About the.

C

Queue I'm.

B

In Jordan I just have one quick question: um Stefan, it seems like in the use cases you described. This was mainly the same entity producing and consuming the the SBT, which kind of hints to me. This may not eat a specification. So what I'm wondering is? Why is there a need for an interoperability specification here? Are there multiple vendors, see images or something like that? Yeah.

G

In the simplest of cases, you actually don't need any standard at all or not not even agreement. If you do your own implementation. First of all, we may want to foster to have off-the-shelf solutions that can be handed over with removal, limited price tag and that it would be supported by standards, but you may also in a community, want to be able to verify each other's esti tokens so that you can increase the size of the community. That would benefit from the same tokens. So, but it's just it's a fair and valid question.

A

Okay, so we have one question from Jabra: if we can make it really quick, as we are out the time.

I

Sorry, if their timers or not.

A

Really quick.

I

Right, so the question is: is there a reason that this needs to be embedded in a document and can't just travel alongside the document? As that would change dispatch questions a lot it.

G

Can it can travel alongside the document? It does not have to be inside the document. It was an important feature in our project to be able to put it into the document for several reasons, but it's definitely not necessary.

A

Okay, thank you for that. So to wrap this up, so the chairs have chatted and we think that more discussion is needed. But we would like to hear what our ATS have to say.

A

So then brahmano.

D

Viduh yeah I was tricking a little bit unmute yeah I. Concur that we need more discussion here. I, don't see an obvious place with an existing working group. Perhaps we could suggest if there's interest, we could start up a mailing list to get to get more discussion on what it is that we're talking about here. If it turns out you the that the scope of work is as broad as it seems here, it seems like both might be next step, but I think we need a lot more discussion on it.

A

Anything else you want to add Richard and Kathleen I.

C

Agree more discussion would be useful. Thank you. It was a good presentation. Yeah.

B

I think in your dispatch process, slides one of the outcomes was more discussion and community building needed I would be interested to see the community.

A

Of.

B

Interested folks here.

A

Okay, Thank You Stefan for the presentation and we can move to the next Brian.

A

Thank.

F

You, oh yeah,.

F

Slide should be up now, you're going to should I share mine. Are you going to do.

B

So Brian I have the PDF that was in the materials I'm ready to drive that if you like, or you can drive it off yours, these.

J

On my slides rig closed.

F

Off room yeah, why don't I take it then, and hopefully, by the time I'm yep.

K

Good.

H

Thanks, it should maybe just.

F

Showing up on the other end of the clouds there yep she's a free? Thank you, okay! Thank you.

F

Thanks expert second excuse me psych this, that for having me today, I'm going to talk about a modest proposal here for a client, sir HP header on the idea is basically the convey client certificate, information from a TLS terminating reverse proxy from there to origin, server applications on the back end, and so me that no need probably know my pension for putting photographs and presentations here. So, even though we're not in Vancouver I thought included a little shot of Vancouver here.

F

Just as background for this presentation, I promise that somewhere, less than half of these slides have a gratuitous photos are so going forward with that talk about what this is a little bit try to get at the sort of problem statement here, and that is the basically a lot of HTTP application deployments, have TLS terminated at least the initial TLS connection, terminated by some kind of reverse proxy somewhere in front of the actual HTS applications that are doing the work.

F

You see this in a lot of different ways: the old-fashioned kind of into your reverse proxy and origin, server architecture more and more you're, seeing like CDN as a service type offerings or application, though, balancing offering services that do the same things that effectively terminating TLS and proxy in the traffic back to the actual application, sometimes even in a different different domain of ownership, and even even more so lately with things like angrist controllers um in your new hotness of the micro-services world and sometimes TLS client certificate authentication is used.

F

I know it's not super common, but it has happened sometimes in certain use cases, and in that case it's often the needs of the actual back-end application to know something about the client certificate.

F

What these needs are will vary, but it usually need to know something about it to do something act on the authentication along the data, whatever it is, and in the absence of some standardized method of conveying that client certificate from the proxy to the back-end applications. Different implementations have done it differently or in some cases not at all- um and this is the cases of things right now. You'll see in systems like apache there's some de facto ways to do this, with some recommended header names and things in genex, but there's nothing.

F

That's common beyond just sort of the the general idea of how to do it, the actual names, header names and how data is encoded, vary from system to system or in a lot of cases.

F

This something like this just isn't supported at all, so um wrote a draft over last couple of months trying to basically standardize on what a header would look like that would allow the reverse proxy to convey the client certificate from itself to the backend application, so the application would have the data needed to work on it, and rather than going into the details of that, try to draw up a basic little picture to show what it is. The idea here is.

F

This would be a simple idea that could potentially enable like turnkey style, 'nor, interoperable integration between independently developed components and how this would work is you have a client making call to the server over HTTP over a client certificate, mutually authenticated, TLS connection. The client has no idea what the architecture, the backend is.

F

It's just making a call to the proxy and sees that as the actual server itself, the proxy sanitizes it's headers and will then pass the client certificate as a new header, with the defined name and encoding along to the origin, server and the origin. Server then can do whatever it's application. Specific needs with that certificate are, and that's like all of it in a nutshell, there's not that much more to it.

F

Certainly specifics that could be worked through, but that's the main idea is just conveying that certificate from the reverse proxy to the origin: server through a known, well known, defined, standardised header, name and encoding a little bit of backstory about how we got here. um I was one of the co-authors on RFC 87 l5, which was about using mutual TLS clarification in conjunction with some olaf functionality. The details of it aren't really important to this, but the course of discussing that and some other things on the mailing list.

F

One participant commented that he thought that this particular problem of how to deploy these sorts of things with an architecture like one that includes a terminating reverse proxy was undefined and difficult, and it was a shortcoming of this particular specification and it didn't define it itself through.

F

Paraphrasing my own thoughts, there was like well that's really beyond the scope of that, although it's a potential problem with something that could be improved upon, certainly doesn't belong in the scope of that particular document, which is just about using mutual TLS and Olaf specifically, but some more conversation passed and basically the question came up: was it possible to define something like this? Maybe get it pushed out into a CPA or PRF working groups it'd be more appropriate there and actually be very helpful to have.

F

This is the general specification following up from that one that sec eighties suggests maybe looking at how hot are fe or sec dispatch?

F

This was leading up to this for meeting and I wasn't going to be there in time to do holography, so I beg for a sec, distaffs spot, and some of you may remember me from the very end of that, where due to not having a draft at all and a little bit of jet lag and trying to rush the presentation in the last five minutes of the meeting, and sometimes with slides that had way too many words.

F

The consensus there out of the SEC Dispatch, meaning at one of six, was basically please come back later with an actual draft. So that's why I'm here um yeah so following on that, basically I wrote some drafts share them here and set this batch thinking about it more. Maybe there should have been a more general dispatch thing, but we got here how we got here, and the draft itself has received some positive if some done underwhelming reception, um there's just a few quotes. Somebody said it was useful.

F

Some people support the effort and the lack of it is going to pain, point migrating applications with clients or different up mechanisms for the cloud office. Somebody said good luck on the effort. If you need a vote, please let me know. Strangely enough is somebody that works in the IETF and knows we don't vote, but he mentioned that anyway. So what went so far as to say I'm surprised, it wasn't already a thing already.

F

um I can't see why it would be any other place in an HTTP and also off, let's the coworker, my mention that would have been really useful to have. Although he said it would the nice two years ago, since we've already done some integration like this without a standard, um so there seems to be interest in it. um It like I, said somewhat underwhelming hasn't been a lot of response, but largely everything, that's been said has been at least mildly positive. um There was some more technical feedback that came through just slightly before this meeting.

F

I haven't had a chance to fill it up cat, but I think some bits of it may be covered or at least discussed further in the presentation. um Despite that, I have my own trepidation about the work or it is proceeding with it. um You know there are lots of district solutions. Already on the market that exists for doing this and retroactive adoption of late coming standards like this is, it sort is really uncertain at best when things are already working.

F

Sort of trying to retrofit a standard into to replace existing ad hoc solutions is often I, ignore it or not, well-received or just doesn't get a lot of uptake I'm. Also a little worried that, despite what seems like a pretty simple proposal, consensus here might prove surprisingly elusive on the thread I mentioned previously on that sort of led to me doing this work. After that, consensus is sort of sketches of the work elsewhere.

F

The whole thing is generated into really strong opinions about how to properly secure or not the communication between the proxy in the backend and even got into borderline personal attacks, which isn't really relevant, but it seems people have a lot of strong feelings about this sort of thing at a previous IETF I was attacked, although it was not personal I was attacked in a meeting by a navy and discussing a very similar proposal around conveying this kind of information with respect to tow, combining um there's likely to be contention about exactly what pieces of the certificate and how much of the certificate and/or certificate chain actually get conveyed.

F

I know some people have felt like something like this would be more proper inside of the framework offered by the forwarded, HP extension, but that brings its own complications. There's similar ish type of work going on, but at different layers. So it's not a direct analogy, but it also is somewhat competitive to this sort of thing and, um frankly, there's all the other things that I don't know that I don't know about in the 1i I guess I do know that I don't know about here. I mentioned is the secondary cific at authentication hb2.

F

That would at least potentially have some ramification against something like this and what actual data goes in there. So, while there's the potential for something like this to be really useful, there may be difficulty in actually getting to a consensus approach, and even if we did there's some questions about whether it would actually be useful at this point since there's already a lot of people already doing something similar just not in a standardized fashion and I, don't know I'm sort of on the fence about it.

F

Obviously, which is why I have both sides of the argument up here and so kind of looking ahead, an opportunity to sneak one more photo on here.

F

Hope we actually do get to go to Bangkok, but even that may not happen, but I'm here suck disguise to try to sense of whether to dispatch this or not, and if so, where would be the most appropriate place for the work, TLS or ACP seem like potentially obvious, maybe the wrong word, but potential candidates, or maybe somewhere else or and then honestly, not at all, is a not an entirely unexpected answer either with that, that's all I've got here. So thanks for listening and take it.

A

Thank you, Brian zero, Thank, You Ryan. You got a lot of people in the queue and before start with the queue I just wanted to just highlight what you just said. So this seems like your options, also considering the positive feedback we've seen, questions might be HTTP based TLS or a focused working group, or maybe something else so please be whoever is on the mic. Please think about these possible options. When you comment.

C

And we have nine minutes for this part of the session with that Mike Bishop you're up first, you.

B

As my bishop, so first off from the secondary search standpoint, there's no conflict with this, because secondary searches is intended for delivering the search to that. First terminating was over for place, whereas this is for the back end, so no conflict. There um use case wise I, really like this, because it lets you pass things to the back end.

B

Ironically, it builds very similar use case to the previous presentation, in that you want an attestation that yes, I, have validated this signature and semantically the same we're just not looking to do it twenty years from now we're looking to do it one out further than go on as far as where to locate it, probably HTTP, but I can see reasonable arguments for putting it in yet those places. Thank you.

F

Thank you not sure I have any response or that one's even needed appreciate if you die. Okay,.

C

Through Nick Sullivan hi.

E

Brian, thanks for the presentation, I'd like to just first say that I support this work and wherever it happens, Montclair Wood is very interested in implementing it. You had mentioned that this is potentially a retrofit. I would say from from our perspective. It hasn't been implemented yet, and this solves a need so I'm very much in favor of finding a home for this.

F

Okay, thank you. Yeah I mean it would be a retrofit for some environments, but it's encouraging to hear that you know it could be useful as a new piece going forward. So thank you.

C

Mark Nottingham.

L

Hi I'd suggest you, as a next step, come to HTTPS and give a presentation. It's come up there before in the past. I have to dig around and find out what happened, but I just didn't get enough. Energy I, think I, you know getting involvement from CD ends and from reverse proxy vendors is probably what you want.

L

I think it's probably best to do it there or get those folks there and and I think the tricky bits of this are probably in the HTTP is a hop-by-hop protocol and you have to account for that: the design of the header and so forth, and so on. So at least involving that community, a little bit would probably be the next time.

F

That makes a lot of sense um done point about how this was very much, at least initially designed to only account for sort of the client to origin connection as a single piece of sort of 30 note to call it up not allowing for this sort of information. We conveyed hot buy hot, but um that's it's certainly. The sort of thing I would want to discuss further and make sure I really have a handle on going forward. So with that respect going to HP fess seems like it makes sense.

E

Necker.

C

Yeah.

E

Eric or squirrel um I'd really agreed. This is an important application on you know. We don't have as much to Ellis client off as we'd like, but we do have some and that's going to help. Maybe now that we fix the privacy problem, we'll get more I think I'm the person. That's ethical feedback in getting this right is a substantially more subtle than this draft server flex. So probably we need to like actually think about a little harder. I agree them not that easy to be ich. We missed the place for that, though.

E

So some my comment to plot we're sort of TLS comments, so it probably requires a fair amount of coordination with TLS as well.

A

Melissa see.

K

Hi so I kind of agree and support that something like this is needed. I was wondering like. Why do you need to send the whole certificate from the Gateway to the application, server and wise and just sending the subject identity enough.

F

I mean the first answer that is: I've had people, you know, they're people interested in only the subject, identifier, some we're interested only in public key. Some are interested in the issuer and the subject identifier, some like Eric, who just spoke, suggested that in fact the entire certificate chain is necessary. So there are different needs for different back-end applications, depending both on what their functionality is, as well as what the sort of the trust model is who's expected to validate.

F

What at the initial attempt at this, which is the draft, even though it's in a it's really pretty much a first draft of everything, my goal was to get to sort of something that would be widely applicable and easy to deal with, and the entire end entity certificate made a lot of sense to me in that context, because you wouldn't have to try to pick and choose at the standard level.

F

What particular pieces of data are relevant to the backend application, um but that doesn't mean that that's the final or the right answer, but that was that was my thinking at the time all.

K

Right understood, I think this is worth pursuing somewhere, I guess: I, let the tears and the ADEs beside. Where is the right venue Thanks? Thank you. Next.

C

Up Jill Soloway I.

B

Just Holloway the over the years I've seen a number of kind of cases where this type of thing has been misconfigured, where the appropriate kind of removal of incoming headers has not been done at the innocence, the Gateway that does the authentication in some cases.

B

You know, let's these headers through and causes all sorts of problems, spoofing and things like that in the back end, I think having a standard sort of extension, for this would improve the testability for these sorts of problems so being favored of having a standard, and if we could also do things in that standard, that would prevent some of that spoofing.

B

That would be awesome too, but it might be a harder problem, but certainly having the standard would make it easier to test for this thing, because right now, everybody's got different headers and you have to go know exactly what they're implementing in order to test that yeah.

F

I tend to agree with you, I think the standard likely and hopefully makes that situation better.

F

Although I know there's you know the counter-argument there is, it also makes it may be easier for for attackers to know where to start guessing and probe for areas that are misconfigured but I think on a whole having a standard for it and maybe taking it out of the range of configuration, but something that's just a functional checkbox piece in software that does the sanitization automatically, rather than being an additional, are configuration likely improves the situation.

F

That's a funny way of saying. Yes, thank you. I agree with you, but it is, may be subtle.

C

Okay and last up is Michael Richardson, with two minutes to go and thanks everyone for keeping your questions, tight, I guess.

M

I'll just relay what I think I was going to say, respond to Mike bishops thing. We need more than what he what he suggested and quite a few people in the job or said about 27 different things, and then the most interesting part was the suggestion that we actually need a working group on back-end stuff and that should it be split out of HTTP this and that actually sounds like I would have thought we needed that much. But if that's the right direction, then maybe that's the right way to go.

C

Okay, two rads have anything to add.

D

So the front, so the primary thing I've heard, is: there's positive feedback across the board that we need to look into this a little bit, but we need to think harder about the venue I think further, based on on the feedback, overwhelmingly there's kind of talked about. We need to at least talk to http bits about that, and we probably also want to make sure that there's adequate coordination, kind of with TLS. So my suggestion, Ben jump in if you disagree, is that we get a we get a conversation started in HGTV that fits.

D

Maybe we can get on the agenda in the in an upcoming kind of virtual interim, and if we need something broader, as was just brought from the jabber channel, we can talk. We can talk to talk about that, so easy fit tbh. This place.

A

Something so if there is no objection, wait 30 seconds, maybe even only.

N

10.

A

Then we can move on to the next presentation: Thank You Bryan. Thank.

F

You very much so.

A

Next is Kirsty.

B

Give me one sec: I'll get the sugar.

I

All right there you go.

A

We cannot hear you.

A

You seem to be connected via phone and that I don't know if it's a problem, if Secretariat, muted everybody.

K

Star suits.

A

Maybe this if the secretary could try to unmute curse, TP.

A

As a host yeah I'm, not the host I cannot do that.

A

Let me contact them.

O

Yes, Secretariat is online and trying to I knew you, but it's unfortunately not able to we're looking into this right now. Okay,.

B

So perhaps we can move forward to our last presenter. Well, we get the audio issues sorted out Rick. Would that be okay with you sure one second I'll get the slide so sure.

B

All right there you go Thanks.

J

My name is Nick moraine and over the past few years have been working on a puzzle that NL met and open-source pillar has been posing towards saying, basically that the Internet is so centralizing to silos and people are not getting the distributed, experience that they really should have according to, but how we tell the into the to be a, and what we came up with is that it's basically the hosting profiles that are not picking up developments as fast as the few silos are and that anything that empowers those people is good and it's going to help distribute, distribute responsibilities and power of the internet.

J

So what I have been doing over the past few years? Design, identity system, which basically says we start with the domain and clients- should have a web holes that have lightweight identity management solution that allows them to basically access services everywhere, hopefully, and where they can bring their own identity and the identity will be me at my domain book called your wood example book called and.

J

Bended leap in designing all that for quite a while and I'm here to present. Basically the idea, the client in this case has an account with an identity provider that runs out their.

L

Different.

J

Web host and they will run up to the purple foreign server and they want to authenticate as someone and the function of the gems back at the identity provider for the domain and because it's not NT at a domain deck, basically trust whatever client identity is given. There I've been looking for a number of protocols for doing that, and there are a few very, very interesting proposal. Something differently make now and I'm here to present one part of it.

J

But basically the concept is to bring your own and then e, and that means that is to have some form of realm cross over the foreign server can have way of testing the client realm and I hear people talking.

J

I'm gonna ignore pardon I, will just test in the audio problem and the back-end protocol for doing that might, for example, be diameter. Now what protocol can be used to authenticate because it will be? There are many proposals to making a single sign-on system that's specific to the web, but as far as I'm concerned, that's a little bit easy.

J

There are so many other rich protocols you should have and should allow clients to use so I've been comparing what a mechanism will be suitable for all the protocols or virtually all the protocols and have the next slide.

J

And at the next slightly.

J

That's a year, three mechanisms came up basically as sam'l, which is particularly very heavy, heavy weight for public keys and all the refined semantics verifying it. Both the first speakers spoke about this actually, but in a lot of detail, so it would be a possibility, but it's probably too heavy- to get people on board with very easy, especially when the applicator, which end-users with small domain hosting, actually servers, might work. Just like you can have Kerberos in a in a centralized in a organization you can have Kerberos at your domain host.

J

There are no strict problems with that, except perhaps that some people find it offensive to have to log on with Kerberos every day I mean some people are really accustomed to the passwords and don't want to break. Have it so. The third option Sasol actually gives a larger large range of choice. We can go from the easy access with a password and gradually grow to Kerberos.

J

The nice thing is you get to grow at your own pace and if it's a set of clients that run by the end user and the social validation serve run at their IDP, then what you're? Having is a free choice to to have a local policy for your domain and say I only want to do Kerberos or I only want to do scramble, and maybe I just want to do plain authentication.

J

You get a lot of choice and because the portal server is not really involved in the actual authentication in this design, that's actually they can't pull you down. Basically, they can't say we only support this or that now this requires a few crossover mechanisms and four covers I've found a way to do that and for some I found a way to do that so to pass the authentication through the intermediate server.

J

Google then rely on the result from the oh, my TP, because that'll carrying the two other options, basically I think that's the winners solution, except on HTTP, where there is no embedding process. There has been work on that fifteen or twenty five years ago. Fifty nothing and that never got around, but that was before HTTP authentication was more clearly defined and the things it read it ran into a I've looked into those and those are gone in the current proposal.

J

So what I'm basically proposing is, let's add, seneschal to the HTTP, so we can have these benefits or realm crossover for virtually all the protocols or the Taoiseach, because HTTP runs along with the other protocols, or at least can run along with the other protocols with a pluggable authentication system enough in next slide. Please.

J

So this is a bit crowded, I'm, afraid I'm left, HTTP sessile very briefly: I, don't care so much about how I think that's all in the draw. That would like just to explain why it's what's useful, but the request basically contains essential token that's being sent. It mentions a realm so that the intermediate server knows where to look back through diameter or something to look up for a yes or no for the authentication and basically the first time around. It will select a mechanism.

J

These are just tokens that are passed along: the authentication, header and SSO. The HTTP server will respond with a cell authentication header containing a server to client sattell token. It might relate back server to server state.

J

This will one of the things that went wrong in the previous proposal, because that hadn't been hardened out yet that if you wanted to have such a stateless performance, but since HTTP servers essentially want to be stateless, there's the intermediate state that assess all steps require that needs to be stored into a protected token and a false back to the client, which then relays back into following request and that can iterate as long as it requires until it finally gets yes or no and that basically, it can continue.

J

There's some provisioning for caching so that you don't have to go through this interaction for every single resource. You're addressing that's, that's just an extension, basically on the right I've drawn what this means in terms of rail crossover. So we have the client here, which is a lovely lady, know somebody with a skirt, as you could say, let's be, and this this client issues, sessile authentication and it fixed selects the mechanism for ethics, overs, sessile crossover and it mentions the realm where it wants to do that.

J

The ethics ogre basically is encrypted by either user shares with their realm. So it's end-to-end decryption and the only thing the purple server can do is look up. The realm find the background, make diameter diameter connection and fast on the Essex opal request and then fast better for whatever the client sends that what the admissions back until the client is authenticated. The Foreign Service sees this traffic pass the room.

J

He knows that, eventually it's a very validated realm I mean you can have NSF in Dane and unless all those things are quite helpful and certificates, of course, are quite helpful to establish the validity of the of the realm and anything at that realm is then reliable. So when this contact validated realm says this that it's it's Mary for example, then the purple server will know that it's Mary at realm will proceed acting with Mary ed realm, without having ever seen, Mary or or without ever having store the password.

J

So there's no set of passwords needed anymore either. So this is how the sessile crossover mechanism works. There's one added thing: that's that's! Definitely something to work out in more detail to explain in more detail. I, don't think I've done that sufficiently in the draw the channel binding can actually be used in the form of an to end authentication uses so Essex over is always mechanism social mechanism with channel binding, and that means that that Mary knows that she stopped it.

J

No, sir, because the T she use Mary knows that she's talking to do I defeat with a DP. Also knows it's. It's done for a particular connection and small pass through an extra intermediate server that might be well. It's a couple of consensus. Attacks are possible there that it can be mitigated. This is done well, next slide, please.

J

This is the other way of doing a realm. Crossover, that's based on Kerberos, and this all by the way pieces of this did the essential pieces have all been implemented, except that it hasn't been brought together to one whole. Yet, but basically, we know that this works all these magnetism here. The clients left on top, wants to contact the surface in another realm and basically, what the client has it's a hostname, so the client runs up to their own KDC.

J

I said I would like to have that particular surface, for that particular hostname, the local can she goes and looks into the database. That's the one point, one arrow and the database says: I, don't know that house many so the cave she then does is it looks into DNS using unisex philosophy to look up the realm over at the realm for the remote area and then looks at the KDC, then, okay, this is the flanking surface.

J

Kdc engage in energy exchange, which is basically less connection with damodar's messages going back and forth, and at that point there is a shared key between the two cases. This is standard facility in Kerberos, except that normally it's done by hand and this game this case it can be a keyless automatically span deleted after month.

J

For example, you can use it for a month and it might be refreshed in time, for example, is that if it is used a lot, but basically the two cases now know about each other, where one is the client and the other server?

J

This key can now be used to construct a reference or a redirection that sent back to the client. That's the two dot reader error, going back to the client and that's standard shape that all the Kerberos software basically understand how to interpret so. The client software doesn't have to change to accommodate this. Only the KB sees need to support this extra protocol. These extra lookups, the client now has a way to contact the ticket granting service for the surface.

J

Kbc so asks that once again for the ticket the to another place and because this surface cage team is aware of the surface ocean and we can actually draw on the ticket and then the client can finally run up to the surface and say hello. It's me shall we please engage communication.

J

This works a standard, Kerberos clients, as they are today, it's only in extension to KDC, it's well exchanged on the fly when it's needed. It uses dns again and TLS as the basic security foundation. The one thing that's really important is that the fees that are being exchanged between two cases are symmetric keys. So once you know that you can unravel the entire derived being system, so it's vitally important that the exchange is done with quantum cryptographic.

J

Quantum proof mechanism, and especially the key exchanges, is scary, the scary bit, of course, because then, if the element doesn't really have now turn a bit yet that's possible as far as I know.

J

So this this definitely is a puzzle, but there are other systems. I think lettuces, for example, might be used. You'll need to see what standardizing thiness, but this really requires quantum proof the TSP can be through KBC, but that that will come at some form. So this is basically the thing I wanted to present. So this HTTP acyl, which I think is an enabler to have the same authentication mechanism for just about any protocol. It can include the other two versions that represent as other alternatives, and there are his might.

J

This can help to unleash realm crossover into particularly in two different ways, which I think is really helpful in getting clients, more control of their online presence, their online identities and aliases and through the names and all that and suddenly become possible. So leave this is useful work I'm just this is a bit. This is actually three different aspects of the design. So I'm always looking for how to present this way.

J

To present this, how to pull this off because the specs are concentrated, they describe a single thing, I, don't know exactly what the best part is to bring this into the IDF and where to bring it in HTTP base has responded but has been lukewarm response. So a proto should also come here and talk to some people involved a security about what they felt about this either. That's what I wanted to say. If there are questions, please.

A

Yes, so just to remind everybody that this work has already been dispatched to, HTTPS I also have.

A

That's what I've heard now.

J

That that's not what I meant to say: okay,.

A

So.

B

I assume mark Nottingham is Malik you. Perhaps we.

L

Can, for.

B

Him countenance did I have.

L

We had a discussion of wicked Pradhan up to h3 this and to dispatch and a sec dispatch, and so we had a discussion with the dispatch chairs about what they should do and we came conclusion that the best thing to do would be for Rick to come to the next HTTP this meeting, whatever that might be and give a presentation to that community, and so we've scheduled that that should be whenever the next time is I got on a cue to say: we've done that.

L

So we're expecting to see this again in HD this, but generally our criteria for adopting new work in HTTP. This is that there's implementer interest and and good to the people who are willing to you know, review and contribute. As always. So as Rick said, the initial response was lukewarm.

L

Once we have a bit more discussion mode, we'll see how that goes, and.

J

That's, of course, I also brought it up here, but I already explained it. Oh.

B

All right so with all that established, uncie folks have clarifying questions and questions or comments on this work.

D

Romina, this is rhomin speaking. I want to jump in as a game vacuum kind of what Mark said. The criteria of having implementers and kind of interest is something we also have n security, so I'm equally interested in in hearing. If there is that class of interest to also help us decide what to do next,.

A

The jabber chat is still going, but I don't see anybody coming to the microphone. You.

C

Don't thank you.

J

Okay, then ask question and when you say, implemental interest fear of course implementing this. We have talked to you hosting parties who want to use this. But are you specifically talking about HTTP service in the implementers.

L

For for HTTP, we usually look at the different parts of the HTTP echo system, so server implementers intermediaries, browsers CDNs, those sorts of phones, yeah.

L

It gets a little more tricky, I might say. If it's just a server side component, then, if people want to you know, do things server side, you like add headers, or you know, facilities like nudist by extending a server using CGI or whatever facility. That's one thing, but if it requires server client coordination that we need to see that we generally would like to see the breadth of interest across the different components. The need to implement yeah.

J

And that is the case. Your pulse yeah.

C

Okay, Ben can are using the cue your.

H

Up see if I can successfully unmute, this has been key doc. You hear me yeah, yeah, okay, I have some severe technical difficulties out here, so I missed one of the talks. um I just wanted to point out that you know some of the discussion in the jabber room has been sort of centering it on whether you know on occasion happens at the HTM layer versus application layer and how the user experience is not great I just wanted to sort of emphasize so.

H

The user experience is not great in, like the current HTTP basic auth, that sort of thing and for negotiate as well. For that matter and so sort of some of the considerations in that area about how can we design something that collects is be useable, seem relevant to whether or not this work is going to succeed and I'm? Sure I did a terrible job of summarizing the Jamboree, but I welcome other people to chime in as well.

J

Yeah, if I may respond to that, the most scary thing to me reduce credentials in the same space where javascript code is running loaded from dynamic places, including adverse enforcement's that have key logging capabilities. I very much try to get away from in this design too. Very much try to get away from applications performing authentication and I know. That's not everybody's approach, but I would really like to get to push it into a lower layer.

J

Also, this is reasoning specifically from HTTP. What I'm trying to get to is that I would very much like to have the same authentication mechanism across all the protocol. Yes, I see a lot of it. It's almost like a read, see every now and then there's web authentication and this authentication will offer all the other protocol which somehow hardly ever meet, and that really surprises Munich is I. Think a very impractical situation.

A

We got Ecker in the queue yeah.

D

um I think.

E

That the I, so you say what was an occasion I'm, not sure if you mean we're walking or you peanut n ocation on the web, um I think yeah. Oh, that wasn't me.

E

And um I think that I am was sort of alluding to the. Perhaps they don't quite agree the details, the underlying story with authentication on the web. As far as I can tell is the site you don't want to detour, don't want to like defer to the browser and event education, primitives and so on that sort of means you're stuck with either something which is like. Essentially, you know, web forms.

D

Or which is.

E

Cat like Titan detected, oopsy they're, like you know, web forms or something transparent like um like web walk, then um in on you know on things that are you know HTTP, but not web applications and obviously there's like a lot alternatives for like having things like controlling the you know the you know for other other modalities.

E

That's why we've seen a lot of interest persons in like paid protocols for TLS and non web applications, but not so much for web applications, because we can't figure out how to like get people to do like to peg the cake for for web operationally. It's not on how awful it is specific context.

A

Okay, I think that we are out of time now for this presentation. Thank you, Rick thank.

J

You and.

A

We can move on to the next, so Christy.

O

Hi, can you give me now? Yes,.

A

We can hear you thank.

O

You so much.

B

So our give me one second slides up.

F

All right after you.

N

Thank you and it's a good evening. Good morning, good afternoon, everybody I'm Katie Payne from the UK national cybersecurity, Center the NCSC and just a background where government organizations that's aiming to make the UK the safest place to live and work online.

N

I just like to take the opportunity to thank the chairs and the IITs Secretariat and everyone who just popped up to help me with my mic issues and those who are dialing in from a range of time zones at the end of a long week, or maybe even actually your Saturday morning and I hope you all well, wherever you are, and whatever your circumstances I'm here to talk about my first ITF draft, which, as you can see on slide, is draft pain, smart indicators of compromise, which I hope will be a useful reference or insight to some engineers who perhaps aren't too familiar with the cyber defense attack defense industry.

N

So I'd like to get feedback on the strap and gauge them in dress and maybe, as a stretch goal, perhaps find a venue for this draft now or in the future. So next slide. Please.

N

Thank you so, where you can find the draft and it's been co-authored by only white house of MCC group and myself, you can find it on the data tracker, the links there. You can also find it on github and so and I've already had some feedback. Do please keep it coming, especially from a range of people and those who are familiar and those who are not familiar with the topic.

N

It's really good to get that Bret's range of views and stakeholders in all standards work, and, of course this is no different and so I just say at this point before I talk about io, C's or indicators of compromise I, just like to briefly outline what they are so that you're not lost through this whole presentation, I'm, IRA, C's are featured or attacks at Forex features or artifact of attacks or attackers. So that's just a very high-level view and we'll dive into that through through the presentation next slide. Please.

N

So here's the motivation for why I'm bringing this draft here and, firstly, both Ali and myself, we'd like to share knowledge with protocol engineers on a commonly used and important technique in cyber defense or attack defense, and just a note here, because I'll use these terms interchangeably as they mean the same thing to me, but I understand one is more IETF palatable.

N

So that's why I'll use both throughout the presentation and I think in the draft as well and so narrate it's yeah to share knowledge with protocol engineers and to my second point, this knowledge share should I hope, pretend prevent this technique being accidentally ignored. So engineers can make protocol design choices that affects the availability of FiOS es, which are those artifacts.

N

You observe about an attacker, and so both Ali and I we'd, like the IETF community at large, to consider the impact of this ioc availability and just in either direction if they're more or less available the related impact that can have so for an example for those of you who are familiar with miters attack framework, there's quite a lot of momentum in the industry at the moment about this. It's a useful framework that helps categorize and classify attackers based on how they act in a victim's network, and the framework is massive.

N

It's really really good, but to just to make an example.

N

If you drill into one of the techniques like data encoding, you'll see it lists the number of techniques that can be associated with an actor or a group of actors, and it's only possible to be able to do that and defend against the group of actors if security teams or, however, have the ability to get that information from protocols and there's also a number of rules in Sigma that rely on there being sufficient things in protocol to form IOC s as well and so finally, to my third point on the slide, which is that this draft can- and it already has brought a bit more cyber defense expertise into the ITF and engage folks from that industry who weren't previously engaged and so I- think that's just a good side benefit for the IETF community at large next slide.

N

Please thank you. So this is taken straight from the draft. It's the abstract as an introduction, so to be clearly what this draft is. Not it's not defining a protocol. It's not a format for IOT sharing, it's not a threat, feed format or anything like that. This is describing an important technique in attack defense for reference and for information, though the draft as it goes through, outlines different types of IOC s.

N

It discusses their effective use, adèle rotations that benefits and some IOC's are directly relevant to the work of the ITF and those are called AK protocol, artifact and, but importantly, we're not presupposing, as it says in the draft abstract, where you would find IOC's or detect them in the first place, as just that, engineers should be aware that they need to be detectable to fulfill the functions described in the draft next slide. Clean.

N

Thank you, so I love a good table of contents and I hope you do too, because that's this slide this draft and is aiming to describe and illustrate purposes of ISEs which are widely used. So the way it's structured is that first, it goes through what is ESR and then the benefits of them. You can see. There are seven sections there. Then we introduce there pyramid of pain and have had quite a lot of jokes about this, but no, sadly, it's not named after me.

N

This is not something I created, it's often referenced in the cybersecurity community, so I sort of wish I had invented it actually, but I didn't and- and it's just there to show the broad properties the broad range of Defense's that I see can provide and then you'll see as section five. We relate that to defense in depth and then finally, talk about a real threat group, apt 33, for which and some ICS were identified and used for defense just to give a case study to contextualize what what's going on next slide, please.

N

So what are is C's? Well, here's a list of them. This is taken from the draft as well. Clearly they include some protocol relevant things and that's what's relevant and the link to ICF and but there's other things in there too, like hashes of malicious, binaries or scripts, and that you'll see IP addresses domain names at TLS, ni values and certificate information, and so there's a section in the draft that talks about.

N

Why are you CSR, or just great and I'll, go through those and briefly, because I think it's important to recognize the benefits that the IOC's will bring? The first is that they are a big win for the underdog, and so it's cheap and achievable for lots of organizations and favorite charities. The small companies for schools like if you're a small manufacturing subcontractor, perhaps you're in the supply chain, for a big Thatcher. You have quite a big threat attached to you. Perhaps you just don't have much resource to manage that risk.

N

However, you will likely have a firewall, and so you can use things like the ability pretty easily and still get quite a good and base level of defense. There are. These are just made for network defenders to regularly Fatima's, but there are all government departments or big tech companies and because of this, they have a widespread and huge multiplier effort. On effect, sorry on attack different effort, so they are just them.

N

This big multiplier effect, which is which is really useful and I use a very shareable, and some of you may be aware of methods in which you can share eysies at the moment, and but this is just about the share ability and reproducibility of ICS being really quite top-notch. You can just capture it and keep doing it consistently. Look for things and automate that and it allows again the underdog to benefit from resources of bigger players so through the share ability of protecting a whole community and permitting this cyber security like uplift, which is great.

N

They can also help with attributions, which means and that an organization can sort of prioritize or perhaps accept some false positive trade offs when they're looking at particular subsets of malicious actors, and that gives organizations this kind of technical freedom and capability to choose their own risk. Posture and defence methods. And you also have big time savings with overseas. So it avoids duplicating your investigative effort and by conducting the same investigation in separate organisations just to find the same IOC, because.

A

Of that.

N

Shareability effect and when you get automatic deployment of Isis working well, then you get a blanket potential and get protection, but with minimal human intervention and minimal effort, which is kind of like a cyber defense dream so pretty good and for an example like we have where an email campaign might be happening, you can monitor for attack, you can discover ICS and you can get them out through your blanket dns protections and you're in this like sweet position where the same email campaign is mitigated before someone else even clicks the link- and so you kind of protect everyone like for free, nearly immediately, which is which is pretty cool.

N

And, of course there are other automatic alternative techniques like machine learning, and they do have their place that compared to ICS. These are from technique, really they're generally more expensive and can require manual intervention. You might have more false positives or lower confidence in each event, which can require sort of manual investigation, whereas IOC is kind of required, there's no human intervention. They do provide this protection against known threats, and you can also use ICS to investigate and discover previous attacks.

N

Like trawling through logs and they allow the defense defense in depth, so you have this common question of like oh, you did install antivirus or AV and yes, all very well saying, deploy AV and, of course, is the first and it's an important port of call, but just to be realistic, like not everything will have it and there's another draft within the ITF data tracker at the moment called Class C le SS, which is the capabilities and limitations of endpoint security solutions, and that has quite a catalogue of various reasons that and things might not have a V or might not be up to date like IC and legacy equipment, and even if M, something does have antivirus.

N

Of course, that can fail and for very good reasons. Perhaps it's going for a low low, false positive rate, or perhaps it's a never-before-seen executable. There's plenty good reasons so, rather than just relying only on AV, we aim for a sort of layered defense in depth. Can I get the next slide? Please thank you.

N

So this is the pyramid of pain, which is often referenced, and just to note that TTP s at the top that stands for tactics, techniques and procedures that you might see associated with an attacker group and I got asked why's this the pyramid, not a list, and- and it's not just because this ASCII art was super fun. It's there, this kind of building the idea that you're building on artifacts below it. So it's quite hard to start TTP's and work down. You sort of start from the ground up.

N

Every layer has value and, as you'll, see from the axis on the right hand, side that they vary in pain and fragility and precision. So the first kind of thing to talk about how much pain there is associated with these IOC's and it's actually not related to like pain of deployment or anything like that. It's how much pain it is to an adversary. If you defend at that point, and so it will vary from recompiling to totally losing your persistence and it correlates to how much communities for an adversary to change that.

N

So for changing a hash value that you said. It's just me compiling it's not not too difficult to change. Your IP address things like bit more difficult, and so it goes right up to changing your entire tactic and your techniques and the way that you infiltrate. That is much much harder and, of course, with how much pain it is to change it.

N

That's correlated with fragility, so the easier it is to change, then the more fragile that IOC is again taking the example of hash values, because that's quite a common and easy one to understand, and it's very easy to change a hash once you've changed it. That is, is they're totally fragile. It's it's gone has changed and that is also correlated with with precision. So more precise is, you know, obviously better, but it's usually linked to fragility as well. Using that hash example, you get no false positives, but it's easy to change.

N

So the idea of iOS use is that you can use a range of these things and you can meet in the middle somewhere.

N

So wherever works for you and to give high confidence events just specific to your deployment case, and and that's it- that's the idea of the pyramid so to kind of tell a story with this like if I compromise happens and as we said, AV is your first an important protocol, but then you know it could be absent if you have like hard to update infrastructure or for some other reasons that are mentioned in class.

N

So then you go up this pyramid and you've got IPS next and access control lists which can go on firewalls and or DNI filtering service domain names, and that would blanket defend kind of full, your endpoints, but of course it comes with both positive. So the idea is that you can employ a range of these things just depending on on your risk posture, so to illustrate that in the draft- and we discuss like a real case- study apt 33- it's not a comprehensive study of that.

N

It's intended to be read alongside open source material, and so this is where I usually use to defend against an advanced threat. Now there are many many more case. Studies available- and you know appreciate contributions or ideas for those, but if they have some other nuance, I, don't I wouldn't want the to kind of bloat into a big list of all the other possible case studies and all the times. I cease with use, because that would be absolutely massive and they're.

N

Just four apt 33 we focused on and I seize compromise, nine fragile indicators and caches or email.

A

Subject line.

N

Five IP addresses and seven domains and, as you can see from this pyramid, like they vary between between levels, next slide, please thank you. So I'm looking for input and I've already said the draft food, a few people and had some feedback and comments so far say thank you to everyone who has read the draft and commented, and so far they seem to indicate that this is like useful work or helpful informational in some way, and that comes from a variety of people with a variety of backgrounds that are quite encouraging to me.

N

Suggested venues have so far included mile Sakon and had a comment that didn't seem to fit into any present venue at the moment and actually, today, a couple of questions were posted on the start.

A

List so.

N

I'll just kind of address those and then go to open, open mic if that's okay, so one question asked today was like what's the benefit of publishing this as an RFC, and so my view is that some ICS are directly relevant to the work of the IETF, like those ones that I listed before that protocol. Artifacts. So just like to make this information like available, where it's relevant.

E

I'm sorry Christine, you scroll back I lost that 30 seconds of why it was good for an RC.

N

Okay and yeah, so what's the benefit of publishing, this is an RFC yeah.

N

So, yes, some Aussies are just directly relevant to the work of the IETF, though those that are protocol, artifacts and so I think it's kind of good to make relevant information about those tires by OCS available to those who who need it or who want to have it and, and what also kind of like you know, I think having something, succinct and clear and public is useful anyway, rather than kind of trolling text books and blogs and kind of putting this together and but for me the particular benefit for an RFC comes from like one making this available in a format, that's familiar to protocol engineers, because we're quite happy and familiar with an RFC format and to kind of making it available in a venue where people might reasonably see it without additional effort on their part.

N

So the audience is current protocol engineers, those in the community that are involved in security.

N

Just to consider this, like availability of Io, sees where it relates to protocol and I think like separately, having a reference kind of point to you whenever discussing or writing out this topic, I think that could be valuable and then just separately, like you know, IETF it has there in some places, it's like a very collaborative venue to create a document and you can get a broad range of experts and expertise.

N

Commenting on a draft so I think it's kind of value, valuable for that, and then there are another two questions on the smart list that would dispatch relevant. So just answer those and then wrap up to this first was if the draft would remain a summary draft and if so, would it fit into mile and so I'm, not a mile chair but I. Don't I, don't know about that second part and that essentially I can see the draft like evolving with input from others.

N

So this leads to the second question, which is with the draft evolved to state, to IETF protocol with new thoughts on how IOC's may be used and so I think yeah. It could be like both one and two, like I would like authors to join me and Ollie I'd. Welcome like developments by people who who know the industry. You know what protocol relevance. I could see it remaining as a summary Josh, in which case like perhaps miles Fitz, I, don't know and but I think.

N

If collaborators think it would be more useful to evolve and state like applicability to protocols, perhaps up how this draft moves forward, and perhaps new ideas on how IOC's can be used would be like an enhanced direction for it and and if that's the case like I'm, also not sure where such a draft would end up but I guess that would depend on the results.

N

The draft, or perhaps there are views on the room in the room already about like what that would do so at this point, I'll stop talking cause I, don't normally talk to this long in one go and but I'm keen to hear from those who are attending here, like if you're interested.

N

If you've read the draft, if you have any feedback or if you've been willing to work on the documents with me, or just to hear your questions, if you have questions from from this talk, so thank you very much and yeah over to the tab.

C

So I put myself I guess right before you been in queue, I hope, that's, okay. My question would be to see if you plan to evolve this beyond this summary. If there's some way that through you know something if it were to go to Mile, could it be expanded to? How might you integrate it into protocols or even OPSEC?

C

How might you put IFC's or integrate them in new ways so that they're relevant to the working groups and also relevant to changes in documents that warrant an RFC publication through the IETF stream, as opposed to is see the independent stream.

N

Yeah so I think I think that kind of depends on yeah. Thank you for the question. I think I think it depends on like collaboration and and what direction we think.

N

The dresses me helpful to go in I think it could definitely become a lot more specific and a lot more time to certain protocols and but I'm, not sure, like you know the independent stream, if that's like SLS and direct or it you know it can be a more general document in that stream, but I think it's kind of like what would be a useful informational reference, I suppose.

N

So, at the moment the zebra have had is that it's quite a good work summary and that there's definitely space to to go into more specifics and that this is just a 0-0 dress. So it kind of liked putting out there and I've had no one so far say like they already knew everything in it, which is like nice, so I think, and it would be good to like, maybe just see what well maybe I'll get you to rush people in the queue, but also yeah.

N

I could definitely see it going a bit more and like applicable to certain protocols, if that's the direction that the thing would be helpful.

H

Hey Ben Tina and Thank You Christy hi. This is Ben Carrick, so I think, following up on Kathleen, you did a great job, setting the stage. I think there's probably several different directions that this could go in, and it's not really clear to me, which one is the best and by directions.

H

I mean like the actual document self, in addition to a home for publication and so like, if we did want to frame it in terms of this is a sort of information that we might want convey in a protocol such as you know, mile or iof work. That would be one approach, but it would also be possible to sort of frame this as a sort of introduction or maybe tutorial style document about.

H

This is a set of concepts and techniques that are used by security practitioners and give a little bit of insight as to how that can interplay with idea of protocols.

H

It would be one aspect: you could also drop the potential for interplay with IT protocols and would be a more standalone thing, so I feel like we would need some input from people who are willing to put time in to help shape document towards targeting one of those and being more familiar feeling or readable to generic ITF participants in order to find a good home for this 90f.

H

If we don't have as many volunteers to do that, then it's not clear that there's a good place for us to publish it, as opposed to say the ISEE or versa. Naturally,.

C

Right, Thank, You Ben and we have rich from Jabbar.

A

So I'm not sure that we have our job described here. But this question was: is the interest in ITF because it will help the ITF or because the IETF has good read for publishing? Oh.

D

This is.

N

Not.

D

Good.

N

They have what was the last. It have a good something for publishing a good rep for publishing reputation.

I

Reputation, Oh.

E

Does.

N

It, oh um no, it's not it's, not the latter. I think it's them is notoriously difficult to bring new work inside yeah. So it's not a sort of easy Avenue. I think it's just that this is kind of maybe well-known in other organizations, and so it's kind of the idea is to bring it where it's where it would be useful, so yeah I think it's definitely more. The former.

C

Thank you and Mark McFadden.

F

Thanks um as far as the existential question goes, I think we do this. You know we, we do publish informational documents that are about operational experience and bring that operational experience to bear on protocol design. The recent relatively recent document that comes to mind is 85 17 right, which is about the effect of middleboxes on transports. um So this is something that that we do as a community and I would certainly support this going forward.

F

I agree with the sort of general comment here about how the document evolves will determine where it goes, but as it's chronically sort of outlined, it really seems like OPSEC might be a good place for it to try to answer the dispatch question, or at least that could be the next. You know the the next best home for it in a way, but my first question I mean one of the questions are kirsty brought up was well. One of the comments has been.

F

Should this even be an RFC and I reflected on that and sort of like what we do? Actually, some we do produce documents that provide information about operational experience and that's what this is. In my mind. This is a guidance to protocol designers about current operational experience and so that that's one of the reasons I support it and if I were asked a dispatch, question I think about OPSEC. First, thanks.

C

Thank You Roman to you.

D

Looking for the double mute, yeah I wanted to make a couple comments: oh I was going to say: OPSEC is a possibility that was just mentioned Thanks, the other one is mile to kind of be more precise, but how this could fit in a mile. It occurs to me that there's a particular architecture that mile has with IRCs there's a particular work flow being suggested about how they're used.

D

Could we marry up the proposed work flow, that's being proposed with using I OCS with some of the IETF technology in mile and then the last one to mention this was teed up in the in the jabber session about privacy considerations. Could this be inverted a little bit to remind protocol designers that they expose features in their protocol, and so how can a Cure's potentially use those features that they expose for more pervasive monitoring?

D

So a couple ways this could go.

O

Hey.

C

Ben Schwartz.

E

Hi Ben Schwartz yeah I want to highlight that point that I don't think that the draft, as currently structured, could command IETF consensus because it runs into conflict with a lot of existing work in privacy and passive surveillance. Defenses.

E

So I think that the document should you know in its current form, could go forward as an independent submission. But if adopted, I think would probably I predict actually be substantially modified and end up looking quite different in order to reflect the consensus.

N

Hi-Yah.

A

I can.

N

Just come back on on the last couple of questions, so go ahead. Em! Thank you yet so I hear the concerns and just to restate this is a zero zero draft.

N

So it's you know not not definitely in its final form, of course, and but I just maybe go back to my my slide on the kind of motivation to this and and the reasoning behind it, which is just it's an informational and RFC so like this is how things are used, and this is you know they have benefits, and this is a fact, so it's just M to share knowledge with engineers really and then just to prevent the technique being like accidentally ignored.

N

So it's just defined choices that kind of affect the availability of IOC s, and so making no judgment on what those choices would be, or you know what would be best for whatever you're and use case and your stakeholders that you're thinking of but yeah so I hear the concern, but just I just like to redirect kind of those questions back to the motivation point that I thought I covered in. In my talk: okay, ELISA.

C

Cooper and solicit Cooper, just on that point, Kirstie when you say prevent the techniques from being accidentally ignored. That kind of implies, like some follow-on documents that would actually try to you know, for specific protocols enforce the availability of these raid, because, just by just by publishing this document, it doesn't actually prevent the techniques from being ignored. You would want to do something that's normative in order for that to happen. Right now,.

N

So I think that um you know it's kind of it's very easy when you think some expertise isn't there or whatever that it. You know you might just be quite forceful in pushing it through I. Think my view is that it's better to have information available and I. Don't think that this at all will precipitate a follow-on document that the document is kind of wise.

N

What I've written, what it's complete, in my view like what it will see and- and it will evolve, of course, with contributions from other people, but yeah, it's not intended to be the start of any bigger thing. It's just it. This is just all you know, one pickney that I really would like to share it's an important technique, in fact sense, and so it's kind of the idea of justice militia.

C

Thanks, okay, I'm yeah.

E

I share some of their choices, concerns I, think the question really. Is it really worth trying to get like it says, so this documentary will be just as well as an IFC document where you know we could say we could want to say and just you hit the points you think are important and you can still get a feedback but like it would be effort getting offensive. So I think that's the question. I'd product be working out for.

C

Okay, question from jammer, so.

B

I'm, just relaying a jabber comment from Stephen Farrell, so I'm scrolling back I believe he said that this sounds like an ideal candidate for the IOC.

C

Okay and do re these want to say anything.

A

Ladies Roman Ben I.

A

Think he was to you, then in Rome and.

D

Sorry having some comms issues, this is Roman speaking yeah I think there's a broad number of kind of opportunities about how to take it. I would so there's folks have different opinions on what it could turn into I think it's worth exploring some of those I think it kind of comes down to you.

D

What, where the authors might want to take it and I would recommend you know further community kind of discussion about how to appropriately tailor this, and you know where to insert this if at all kind of mean to the idea I mean there was a broad set of recommendations made here. So it's a 0-0 draft, so.

A

Where should be the discussion happen would be the next question.

D

So I think the two working groups that were mentioned were Maya Lin OPSEC. It's be worthwhile, I think to have conversations with both of those to figure out but I think the difference between those working groups and again it's a different approach. Is you know miles talking about a specific set of technologies, as I think we've talked about. Opsec is about a generalized kind of set of practices so which one of those do we want to pursue and that I think affects which working group.

H

Right yeah, I, agree with Rome I think it will be important or perhaps prudent, to see what kind of what feedback we actually get on the document and how the document of alts as a result of the feedback from the people who are willing to put the energy into give feedback, because I think where this trash will succeed depends on who is putting energy into it and what direction they want it to go in so I think I.

H

My recommendation is to not immediately try to get adopted by a working group, but to get some more feedback in D and evolve. The draft into a few more through a few more revisions and I would not be opposed to having that discussion take place on sag, but I'm also open to others. Justin's for discussion forums.

A

Okay, that sounds fair to me: Richard Kathleen, a step on you, so I heard big feedback on the document to be gathered in my land object, mailing list, I kind of dropped, the SAG, because I don't really know with that: a presentation suggestion or that.

H

Was just your email discussion about email.

A

Discussion: okay, please.

H

Just in comments other than just authors, so.

A

Cc sag as well or I,.

H

Mean if there's going to be the two working groups already that you know.

N

Okay, well, thank you for the feedback, yeah I'll stop and with my land, OPSEC and then I see how those conversations, progress and maybe update SOG at some point in the future as well at work. Thank.

A

You great so we thank you Jesse, so we have one minute left in our session, which is perfect, so I can give a short summary of the dispatched decision they were taking today. So for the SVT signal, signature very validation, token. The decision was for the action point for the ad to set up a main in this and start a discussion there and then, following the discussion, possibly start to both for the client certificate, HTTP header, it was dispatched to the HTTPS written group.

A

So start a discussion there, possibly considered working group focus on back-end stuff for adding sensor to HTTP and no actions were taken. It was already planned to have a discussion in HTTP this and finally, our last presentation was I. You see and the role in attack defense and the dispatch action is to gather feedback on the documents in my land object, mailing list, I work, working, I, hope that sounds fair and anybody who hasn't signed the blue sheet.

A

Please do go into the ether pad and to do so- and this is the end of the meeting- thank you so much for joining. Thank you or minute takers and everybody for joining and see you soon.

B

Five-Run thanks.

D

Thank everyone. Thank you. Everyone. Thank you. All.