New Non-WG Mailing List: wimse (Workload Identity in Multi-Service Environment)

2023-07-19 Thread IETF Secretariat
A new IETF non-working group email list has been created.

List address: wi...@ietf.org
Archive:  https://mailarchive.ietf.org/arch/browse/wimse/
To subscribe:  https://www.ietf.org/mailman/listinfo/wimse

Purpose:
This list is for the discussion of the problems and use-cases associated with 
securing interactions between workloads in multi-service environments including 
establishing identity and performing authorization by integrating
established technologies such as SPIFFE and OAUTH in innovative ways.


This list belongs to IETF area: SEC

For additional information, please contact the list administrators.

___
IETF-Announce mailing list
IETF-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce


Last Call: (The Entity Attestation Token (EAT)) to Proposed Standard

2023-07-19 Thread The IESG


The IESG has received a request from the Remote ATtestation ProcedureS WG
(rats) to consider the following document: - 'The Entity Attestation Token
(EAT)'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-c...@ietf.org mailing lists by 2023-08-09. Exceptionally, comments may
be sent to i...@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   An Entity Attestation Token (EAT) provides an attested claims set
   that describes state and characteristics of an entity, a device like
   a smartphone, IoT device, network equipment or such.  This claims set
   is used by a relying party, server or service to determine how much
   it wishes to trust the entity.

   An EAT is either a CBOR Web Token (CWT) or JSON Web Token (JWT) with
   attestation-oriented claims.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-rats-eat/



No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information: 
rfc8792: Handling Long Lines in Content of Internet-Drafts and RFCs 
(Informational - Internet Engineering Task Force (IETF))






WG Action: Rechartered Lightweight Authenticated Key Exchange (lake)

2023-07-19 Thread The IESG
The Lightweight Authenticated Key Exchange (lake) WG in the Security Area of
the IETF has been rechartered. For additional information, please contact the
Area Directors or the WG Chairs.

Lightweight Authenticated Key Exchange (lake)
---
Current status: Active WG

Chairs:
  Mališa Vučinić 
  Stephen Farrell 

Assigned Area Director:
  Paul Wouters 

Security Area Directors:
  Roman Danyliw 
  Paul Wouters 

Mailing list:
  Address: l...@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/Lake
  Archive: https://mailarchive.ietf.org/arch/browse/lake/

Group page: https://datatracker.ietf.org/group/lake/

Charter: https://datatracker.ietf.org/doc/charter-ietf-lake/

EDHOC (draft-ietf-lake-edhoc), an output of the LAKE working group, defines a
lightweight authenticated key exchange protocol between two peers.  EDHOC is
intended to be used in constrained network environments such as NB-IoT, 6TiSCH
and LoRaWAN.

By publishing EDHOC, the base protocol specification, and the lake-traces
document, the LAKE working group has completed its initial goals. The working
group will continue to work on maintaining and extending the base protocol
specification as appropriate.

The initial design scope of EDHOC ruled out authentication based on pre-shared
symmetric keys and focused on asymmetric authentication credentials (e.g., raw
public keys and public key certificates) in order to streamline the working
group activities. Similarly, the base protocol specification does not define a
protocol for rekeying but rather a rekeying function to use as an inner
building block for key update.

The working group now will define a Standards Track EDHOC rekeying protocol
reusing the protocol elements from the base specification that uses symmetric
keys for authentication, to make those usable both during a key update and a
first-time key exchange.

Within each protocol message, EDHOC provides External Authorization Data (EAD)
fields. These fields may be used by external security applications to reduce
the number of messages and round trips, or to simplify processing. The working
group will specify Standards Track documents with the following uses of EAD
fields to augment the EDHOC key exchange:

  - 3rd party-assisted authorization of EDHOC peers. draft-selander-lake-authz
is a candidate starting point for this work.

  - Remote attestation of EDHOC peers, reusing as much as possible available
work from the RATS and TLS working groups.

  - Status verification of EDHOC peer authentication credentials transported
during an EDHOC key exchange (e.g. OCSP stapling).

The working group will also work on a Standard Track means for coordinating
the use and discovery of EDHOC application profiles, the definition of a
well-known application profile and processing extensions through EDHOC’s
defined extension points, such as registering new schemes and new EAD
registrations.

In addition, the working group will work on an Informational document
gathering implementation considerations and guidance for the base protocol
specification.

Milestones:

  Jun 2024 - Implementation considerations and guidance submitted to IESG as
  Informational RFC

  Jun 2024 - 3rd party-assisted authorization of EDHOC submitted to IESG as
  Proposed Standard

  Nov 2024 - EDHOC rekeying protocol submitted to IESG as Proposed Standard

  Nov 2024 - Remote attestation of EDHOC peers submitted to IESG as Proposed
  Standard

  Mar 2025 - Verification of EDHOC authentication credentials submitted to
  IESG as Proposed Standard





WG Action: Conclusion of IPv6 over the TSCH mode of IEEE 802.15.4e (6tisch)

2023-07-19 Thread IESG Secretary
The IPv6 over the TSCH mode of IEEE 802.15.4e (6tisch) WG in the 
Internet Area has concluded. The IESG contact persons are Erik Kline 
and Éric Vyncke.

The mailing list will remain open.

Message from the Area Director:

In consultation with the chairs, 6tisch is closing. I'd like to thank
everyone who contributed to the discussions and the documents, and
thanks also to the shepherds and chairs for their leadership.

The mailing list will remain open, should activity pick up in the
future.

- Erik Kline
