Minutes of the Open Pluggable Edge Services WG (opes) Time: Tuesday, 2002-07-16, 1700-1800, room 502 Chairs: Markus Hofmann, Marshall Rose Minutes: Marshall Rose 1. Introduction, minutes taker, blue sheets The chair introduced the agenda, and asked for some to take minutes. A volunteer was indentured. 2. Agenda bashing No changes to the agenda were suggested. 3. Discussion of WG documents 3a. Abbie Barber presented an overview of the "An Architecture for Open Pluggable Edge Services" document (draft-ietf-opes-architecture-02.txt). The speaker noted that addressing the IAB architectural considerations document (RFC 3238) was the core philosophy for writing this document. As such, the speaker examined the architectural document in the context of the individual points enumerated in RFC 3238. The speaker addressed the current set of issues on the mailing list along with the current thinking, and concluded that there weren't any open issues remaining... although, some of the more detailed IAB issues are delegated to other OPES documents. There was concern that the documents didn't adequately differentiate between content consumers and providers, and, as such, some issues may be settled in ways that may not be appropriate for content consumers, e.g., the architectural document introduces the notion of tracing to address some of the IAB issues, but a content consumer may not want a content provider to know that the consumer has fielded an OPES intermediary. It was agreed that the architectural document should be revised to make issues like this more clear. 3b. The speaker then presented an overview of the "OPES Use Cases and Deployment Scenarios" document (draft-ietf-opes-scenarios-00.txt), in particular noting the taxonomy of OPES services, and how various scenarios illustrated the requests associated with those services. The same concern regarding a lack of consumer/provider differentiation was raised. In particular, more use cases should be presented with respect to tracing. It was noted that this document is written from the perspective of an OPES processor, so perhaps this lack of differentiation is appropriate for the use cases. 3c. Markus Hofmann presented an overview of the "Requirements for OPES Callout Protocols" document (draft-ietf-opes-protocol-reqs-01.txt). The document is strucutred as a checklist, followed by more detailed text explaining various requirements. Four issues were raised on the mailing list: 1. Should the draft allow unencrypted communications in the same "trusted" domain? suggested resolution: yes discussion: deciding what "trusted" means is perhaps problematic. 2. Is an explicit keep-alive mechanism a MUST or a SHOULD requirement, e.g., if the protocol has another way of doing this, should this be allowed instead? suggested resolution: MUST 3. Should endpoint authorization information be communicated to the callout server, or should the OPES processor be solely responsible for performing authorization. suggested resolution: allow discussion: it is too restricting to prevent callout servers from performing authorization. recall the end-to-end problem. 4. Should chaining allow and specify requirements for chaining? suggested resolution: none yet. The author reviewed the two IAB issues that are germane to the callout protocol requirements draft. 3e. For these three drafts, the chairs asked the audience to (re-)read them carefully and comment to the mailing list, as the next revision of these documents will likely be submitted to the IESG for publication as informational RFCs. The chairs also noted that the group makes progress in spurts, and that we need another growth spurt in order to get these drafts over the wall to the IESG. There was a second discussion on the impact of the IAB considerations, and whether some decisions being made, whilst consistent with the considerations, were unfriendly to the market place. It was noted that while "the constitution is not a suicide pact", deviations from the IAB considerations need to be adequately and convincingly documented. 4. Next documents to be worked on 4a. Bindignavile Srinivas presented an discussion of the "Security Threats and Risks for OPES" (draft-srinivas-opes-threats-00.txt) document. After reminding the audience as to the OPES enviornment, the speaker discussed the security threats, particularly in the context of RFC 3238: - OPES device false (de)registration - OPES device spoofing - Replay attack - OPES device security during fail-over - Message integrity - Data Confidentiality - Denial of service - Repudation For each threat, the speaker explained how the threat occurs, the effect, and a proposed solution. Finally, the speaker suggested this draft, an individual submission, be used as the basis of a working group document. The chairs indicated that a subteam will be formed to develop a document that's consistent with the existing working group documents, and that subteam will take this individual submission as input. It was suggested that there is another threat possible, given that intermediaries may be used for security purposes (e.g., virus detection), if an intermediary is disabled, then content consumers may be at risk. If end-to-end encryption is a solution to some of these threats, where are the ends? If the content consumer/provider, then what assurance is there that modifications made by intermediaries are trustworthy? More work should be spent on identifying where the trust relationships are with any end-to-end encryptions. 4b. Markus Hofmann explained the status and next steps for an as-yet-unwritten document on "Endpoint Authorization and Enforcement Requirements" that was supposed be completed on April 2nd of this year. As with the "Security Threats" document, a design team needs to be formed to get started on the document. However, we'll need some help from the folks who are familiar with the IETF policy framework. D E A R S A A G, P L E A S E H E L P 5. Closing Adjourn.