Internet2 PKI Labs Conference Call, February 12, 2001

*Internet2 PKI Labs Conference Call*
February 12, 2001

*Attendees*

Neal McBurnett (convener) - Avaya

Bob Brentrup - Dartmouth
Ed Feustel - Dartmouth

Eric Norman - Wisconsin
Keith Hazelton - Wisconsin
Miron Livny - Wisconsin

Peter Honeyman - Michigan
Olga Kornievskaia - Michigan
Cliff Neuman - ISI
Bob Morgan - Washington
Jeff Schiller - MIT
Carl Ellison - Intel
Bob Moskowitz - ICSA Labs/TruSecure
Steve Bellovin - AT&T
Ken Klingenstein - Colorado/Internet2

Ben Chinowsky (scribe) - Internet2

*Discussion*

The meeting opened with a brief discussion of the NSF's middleware solicitation. The solicitation is now available at http://www.nsf.gov/cgi-bin/getpub?nsf0163; Ken is part of a team working on a white paper to accompany it.

Ken sent the list a draft proposal for a PKI Labs workshop. [AI] All will provide feedback on Ken's workshop proposal. Questions Ken would particularly like answered are: Is holding a workshop like this even a good idea? Who should be on the program committee? Are the suggested topics the right ones? Ken noted that the workshop proposal is motivated by the need to look at the big picture in order to ensure that we enable general-purpose PKI, not just niche versions of it, and that all the pieces fit together. We also need to ask if we are confident that X.509 is the right path, or if on the other hand we should be taking a closer look at attribute certs, CDSA, SPKI and other alternatives; there is also the still broader question of what people really want from a distributed security infrastructure. Ken knows of no other plans for conferences to take such a long-term, big-picture look at PKI; he suggests an aggressive timeline including a solicitation in mid-spring, a proposal deadline in late spring, and the workshop itself in June. Keith noted that the PKI Labs is the only group he knows of in which proponents of X.509 and a variety of alternative approaches talk to one another regularly.

[AI] Carl will contact Keith and Eric about working on translation between KeyNote/SPKI/XML and canonical LISP S-expressions.

There was a long discussion of role- and task-based access control (RBAC and TBAC). Ed suggested that the PKI Labs workshop discuss how traditional security infrastructures could make use of RBAC and TBAC, and called the group's attention to several related articles:
- Eugene H. Spafford et al. 2001. "Digital Government Security Infrastructure Design Challenges". Computer, IEEE Press, Volume 34, Number 2. February 2001. pp. 66-72.
- R.S. Sandhu, et.al. 2000. "The NIST model for Role-Based Access Control: Towards A Unified Standard". 5th ACM Workshop on Role-Based Access Control, ACM Press, New York, 2000. pp. 47-60.
- R.K. Thomas and R.S. Sandhu, 1994. "Conceptual Foundations for a model of Task-Based Authorizations." The Proc. 7th Computer Security Foundations Workshop. IEEE CS Press, Los Alamitos, CA, June 1994, pp.66-79.
- W.E. Kuhnhauser and M.K.Ostrowski. 1995. "A Formal Framework to Support Multiple Security Policies." Proc. 7th Canadian Computer Security Symposium. Communication Security Establishment Press, Ottawa CA. pp. 1-19.
The principal challenges to RBAC are 1) how to convey the attributes and 2) how to enforce them once they've made it to the other side. Keith noted that "everything is starting to look like messages and policies to me", and there was general agreement on this way of looking at the problem. [AI] Eric and Keith will provide a short description of their slowly-concretizing authorization work.

Miron and Ed stressed the importance of ongoing work on adapting existing infrastructure to X.509, and in particular managing the transition from Kerberos to X.509. Carl noted that he's investigated implementing RBAC with SPKI and found two ways to do it, but that in deployment he'd found RBAC to be "too heavy a club", ending up needing a separate role for each person. Eric defined a role as "a claim about some privilege you have", and there was consensus on this definition. Cliff pointed the group to http://www.isi.edu/~tryutov/papers/discex2000.html and http://www.isi.edu/people/bcn/papers/pdf/9305_proxy-pbaa-neuman-icdcs93.pdf for information on some of his work on access control. Bob Morgan called attention to work on privacy concerns that are raised by the interdomain exchange of attributes or credentials; see:
- http://schafercorp-ballston.com/discex/Discex_briefs/TrustNegotiation/trustnegotiation.htm
- http://www.pgp.com/research/nailabs/distributed/darpa00-trust.asp
- http://www.transarc.com/~trg/TrustManagement/
Ed observed that even if you avoid using ID certs, using the same public key in each cert amounts to using an identifier. From the standpoint of delegation, especially multiple delegation, it's necessary to be very careful about what is "let out of the box"; an important question is if and how a user can provide a policy for future delegation. In this connection Keith called attention to Ben Grosof's paper on "An Approach to using XML and a Rule-based Content Language with an Agent Communication Language", available at http://www.research.ibm.com/rules/papers.html. Steganography, defined by Ross Anderson as "the art of hiding messages in other messages", may have something to contribute here; see http://www.cl.cam.ac.uk/~rja14/#Tempest.

Neal noted the appearance of an interesting John Gilmore rant against copy protection in general and TCPA in particular; see http://www.toad.com/gnu/whatswrong.html.

Next were brief updates on current work at Wisconsin and Dartmouth. Miron noted that the Wisconsin group had had a good visit with Sean; they discussed secure coprocessors, identifying existing work and exploring how the PKI Labs might build on it. Wisconsin plans to continue using ClassAds (http://www.cs.wisc.edu/condor/classad/) to express policy within Condor, and is continuing to work with Argonne on expressing policies in distributed environments. The Akenti project (http://www-itg.lbl.gov/Akenti/) has some interesting approaches to usage policies, and Wisconsin has worked with them to compare scheduling and authorization methods. [AI] Miron will ask Todd for references to work on policy languages.

Ed reported that Dartmouth is "still working on acquiring tools and deciding what we want to work on". Ed has been looking into the implications of the browser paradigm for PKI; he is interested in finding out how browsers need to be modified in order for users to be able to have a security policy for handing out information on themselves. Ed is also interested in prioritizing policies -- which ones do we *really* want to be able to enforce?

Finally, Bob Moskowitz introduced his work on Host Identity Payload, or HIP (http://homebase.htt-consult.com/~hip/). HIP is a new cryptographic namespace for hosts, or, strictly speaking, for stacks on hosts. In HIP, host identities are public keys. HIP completely decouples the internet layer from the layers above it, thereby restoring address-realm transparency; IP becomes just a way to get packets to their endpoints. Moskowitz noted that work on IPSec multicast could be coopted to extend HIP to produce the "virtual enclaves" -- subnets of hosts protected from the rest of the world -- that Ed is interested in. Moskowitz expressed his confidence that HIP can protect from a man-in-the-middle attack in which the attacker is anonymous and the host is known. HIP is initially assuming DNSSEC as the PKI. Both ephemeral anonymous keys and multiple simultaneous anonymous keys are possible with HIP.

Jeff expressed reservations about HIP's reliance on DNSSEC, describing DNSSEC as "another PKI" with all the problems thereof, including that described by "Jeff's law of hierarchies: when we create hierarchies, we create reptiles." Steve Bellovin and Bob Morgan strongly recommended Randy Bush's talk on the overloading of DNS: http://psg.com/~randy/001213.ietf-dns/. Steve Bellovin pointed the group to work he's done on "Transient Addressing for Related Processes: Improved Firewalling by Using IPV6 and Multiple Addresses per Host" (http://www.research.att.com/~smb/papers/tarp.pdf), as well as RFC 3041, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", by Narten and Draves.

The next call is scheduled for 90 minutes beginning at 11:00 EST on March 5.

*Action Items*

[AI] All will provide feedback on Ken's workshop proposal.
[AI] Carl will contact Keith and Eric about working on translation between KeyNote/SPKI/XML and canonical LISP S-expressions.
[AI] Eric and Keith will provide a short description of their slowly-concretizing authorization work.
[AI] Miron will ask Todd for references to work on policy languages.