IBAKE: Identity-Based Authenticated Key Exchange
draft-cakulev-ibake-06
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
06 | (System) | post-migration administrative database adjustment to the No Objection position for Robert Sparks |
2012-08-22
|
06 | (System) | post-migration administrative database adjustment to the No Objection position for Pete Resnick |
2012-08-22
|
06 | (System) | post-migration administrative database adjustment to the No Objection position for Jari Arkko |
2012-08-22
|
06 | (System) | post-migration administrative database adjustment to the No Objection position for Adrian Farrel |
2011-12-02
|
06 | Cindy Morgan | State changed to RFC Ed Queue from Approved-announcement sent. |
2011-11-13
|
06 | (System) | New version available: draft-cakulev-ibake-06.txt |
2011-11-13
|
06 | Cindy Morgan | IESG state changed to Approved-announcement sent |
2011-11-13
|
06 | Cindy Morgan | IESG has approved the document |
2011-11-13
|
06 | Cindy Morgan | Closed "Approve" ballot |
2011-11-13
|
06 | Cindy Morgan | Approval announcement text changed |
2011-11-13
|
06 | Cindy Morgan | Approval announcement text regenerated |
2011-11-13
|
06 | Cindy Morgan | Ballot writeup text changed |
2011-11-12
|
06 | Pete Resnick | [Ballot Position Update] Position for Pete Resnick has been changed to No Objection from Discuss |
2011-11-12
|
06 | Adrian Farrel | [Ballot comment] My Discuss was discussed and the note removed. |
2011-11-12
|
06 | Adrian Farrel | [Ballot Position Update] Position for Adrian Farrel has been changed to No Objection from Discuss |
2011-11-12
|
06 | Robert Sparks | [Ballot comment] Thanks for revising the rfc editor note |
2011-11-12
|
06 | Robert Sparks | [Ballot Position Update] Position for Robert Sparks has been changed to No Objection from Discuss |
2011-11-03
|
06 | Cindy Morgan | Removed from agenda for telechat |
2011-11-03
|
06 | Cindy Morgan | State changed to IESG Evaluation::AD Followup from IESG Evaluation. |
2011-11-03
|
06 | Sean Turner | Ballot writeup text changed |
2011-11-03
|
06 | Jari Arkko | [Ballot comment] I think this document is in disagreement with what was said earlier on RFC 6267. Specifically, some of text that we added … [Ballot comment] I think this document is in disagreement with what was said earlier on RFC 6267. Specifically, some of text that we added to balance the benefits and characteristics of IBAKE in RFC 6267 does not appear in this draft. The IESG has decided to have no problem with the publication of this draft, but I would still personally strongly suggest that the text in question should be fixed. More specifically, shouldn't this document have the same kind of additions done as we did for RFC 6267? E.g., the latter says: With the self-expiration of the public identities, the traditional real-time validity verification and revocation is not required. For example, if the public identity is bound to one day, then, at the end of the day, the Public/Private Key pair issued to this peer will simply not be valid anymore. Nevertheless, just like with Public-Key-based certificate systems, if there is a need to revoke keys before the designated expiry time, communication with a third party will be needed. but the current draft says: With the self-expiration of the private keys, the traditional real time validity verification and revocation is not required. |
2011-11-03
|
06 | Jari Arkko | [Ballot Position Update] Position for Jari Arkko has been changed to No Objection from Discuss |
2011-11-03
|
06 | Jari Arkko | [Ballot discuss] Shouldn't this document have the same kind of additions done as we did for RFC 6267? E.g., the latter says: With … [Ballot discuss] Shouldn't this document have the same kind of additions done as we did for RFC 6267? E.g., the latter says: With the self-expiration of the public identities, the traditional real-time validity verification and revocation is not required. For example, if the public identity is bound to one day, then, at the end of the day, the Public/Private Key pair issued to this peer will simply not be valid anymore. Nevertheless, just like with Public-Key-based certificate systems, if there is a need to revoke keys before the designated expiry time, communication with a third party will be needed. but the current draft says: With the self-expiration of the private keys, the traditional real time validity verification and revocation is not required. |
2011-11-03
|
06 | Jari Arkko | [Ballot Position Update] New position, Discuss, has been recorded |
2011-11-03
|
06 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded |
2011-11-03
|
06 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded |
2011-11-02
|
06 | Pete Resnick | [Ballot discuss] I agree with Adrian and Robert that the current IESG Note is confusing and I'm not sure what we're trying to say in … [Ballot discuss] I agree with Adrian and Robert that the current IESG Note is confusing and I'm not sure what we're trying to say in it. That said, I'm also a bit concerned that this document *is* trying to extend IETF protocol (EAP?) and therefore should go through IETF process. It sounds like we suspect that IETF Review would fail to garner consensus, but that's not a reason to give the ISE a go-ahead. I may be confused on the meaning of 5742 in this regard, so I'd like to discuss. |
2011-11-02
|
06 | Pete Resnick | [Ballot Position Update] New position, Discuss, has been recorded |
2011-11-02
|
06 | Robert Sparks | [Ballot discuss] The additional note in the proposed response doesn't make sense for an ISE document. Based on conversations with Sean, it was based on … [Ballot discuss] The additional note in the proposed response doesn't make sense for an ISE document. Based on conversations with Sean, it was based on a similar note placed in an IETF stream document. The boilerplate for the ISE stream documents will already say: Independent Stream: "This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment." The current proposed additional note ("Due to its specialized nature, this document experienced limited review within the IETF.") implies that there was some IETF review beyond the 5742 review for conflict, and could imply that _other_ documents get more IETF review. These documents get no such IETF review beyond the conflict review called out in RFC 5742. |
2011-11-02
|
06 | Robert Sparks | [Ballot Position Update] New position, Discuss, has been recorded |
2011-11-02
|
06 | Amanda Baber | We understand that this document does not require any IANA actions. |
2011-11-02
|
06 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded |
2011-11-02
|
06 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded |
2011-11-02
|
06 | Stephen Farrell | [Ballot comment] - I agree with the proposed IESG note, but I guess we need to figure out (with the ISE?) how to properly state … [Ballot comment] - I agree with the proposed IESG note, but I guess we need to figure out (with the ISE?) how to properly state that. - another case where the IPR declaration refers to a "standard" but this isn't going to be one. - section 1, Public key protocols do not require "large scale" PKI, as clearly demonstrated by the success of ssh. The statement is incorrect. - section 1, No evidence is give for the assertion that a PKG is "simple." Personally, I doubt that and the word's not needed in any case. Suggest s/simple// - section 1, Many IBE schemes have claimed that including dates in names avoids revocation issues. However, afaik, no one has actually done this in the wild so this claim is also just a bare assertion since the usability issues related to this idea are essentially untested. - section 2.1, IBE does not allow a public key to be calculated from an identity. IBE requires an identity *and* a set of PKG parameters in order to generate a public key. Truth-in-advertising would be better here. - Its not clear to me that two implementations of this would interoperate. That may or may not be the case, but I guess additional specification would be required. It would be good to say more about what'd be needed for that. - Its not really possible to evaluate the security claims of this protocol as part of a 5742 review. It'd be good if a statement to that effect were included. I'm not doubting the security claims, but they have not been exposed to wide spread review which would be needed were something like this to come out of the IETF track. - Its hard to see how 2119 is the only normative reference here. - typo: s/Privet/Private/ |
2011-11-02
|
06 | Stephen Farrell | [Ballot Position Update] New position, No Objection, has been recorded |
2011-11-01
|
06 | Adrian Farrel | [Ballot discuss] Before moving to No Objeciton, I would like to spend time on the call Discussing the proposed IESG note on the basis that … [Ballot discuss] Before moving to No Objeciton, I would like to spend time on the call Discussing the proposed IESG note on the basis that this is not an IETF document (coming through the ISE) and so it would not be expected that it received any IETF review compared to other Informational RFCs. Furthermore, ISE documents normally carry a standard disclaimer that "this is not the work of the IETF" I suppose my point is: what message is the IESG note trying to send? |
2011-11-01
|
06 | Adrian Farrel | [Ballot discuss] I would like to spend time on the call Discussing the proposed IESG note on the basis that this is not an IETF … [Ballot discuss] I would like to spend time on the call Discussing the proposed IESG note on the basis that this is not an IETF document (coming through the ISE) and so it would not be expected that it received any IETF review compared to other Informational RFCs. Furthermore, ISE documents normally carry a standard disclaimer that "this is not the work of the IETF" I suppose my point is: what message is the IESG note trying to send? |
2011-11-01
|
06 | Adrian Farrel | [Ballot Position Update] New position, Discuss, has been recorded |
2011-10-31
|
06 | Stewart Bryant | [Ballot comment] I am voting No Objection on the basis of the IESG note and a quick check that this draft has no routing implications. |
2011-10-31
|
06 | Stewart Bryant | [Ballot comment] I am voting No Objection on the IESG note and a quick check that this draft has no routing implications. |
2011-10-31
|
06 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded |
2011-10-27
|
06 | Sean Turner | [Ballot Position Update] New position, Yes, has been recorded for Sean Turner |
2011-10-27
|
06 | Sean Turner | Ballot has been issued |
2011-10-27
|
06 | Sean Turner | Created "Approve" ballot |
2011-10-27
|
06 | (System) | Ballot writeup text was added |
2011-10-27
|
06 | (System) | Last call text was added |
2011-10-27
|
06 | (System) | Ballot approval text was added |
2011-10-20
|
06 | Cindy Morgan | IESG TO |
2011-10-20
|
06 | Cindy Morgan | IETF state changed to Submitted to IESG for Publication from Call For Adoption By WG Issued |
2011-10-20
|
06 | Cindy Morgan | ISE Stream |
2011-10-20
|
06 | Cindy Morgan | Stream changed to ISE from IETF |
2011-10-20
|
06 | Cindy Morgan | ISE Stream |
2011-10-20
|
06 | Cindy Morgan | IETF state changed to Call For Adoption By WG Issued from WG Document |
2011-10-20
|
06 | Sean Turner | State changed to IESG Evaluation from Publication Requested. |
2011-10-19
|
06 | Cindy Morgan | State Change Notice email list has been changed to violeta.cakulev@alcatel-lucent.com, ganesh.sundaram@alcatel-lucent.com, draft-cakulev-ibake@tools.ietf.org, rfc-ise@rfc-editor.org from violeta.cakulev@alcatel-lucent.com, ganesh.sundaram@alcatel-lucent.com, draft-cakulev-ibake@tools.ietf.org |
2011-10-19
|
05 | (System) | New version available: draft-cakulev-ibake-05.txt |
2011-10-18
|
06 | Sean Turner | Ballot writeup text changed |
2011-10-18
|
06 | Sean Turner | Telechat date has been changed to 2011-11-03 from 2011-10-20 |
2011-10-18
|
06 | Sean Turner | Responsible AD has been changed to Sean Turner from Russ Housley |
2011-10-17
|
06 | Amy Vezza | The draft draft-cakulev-ibake-04.txt is ready for publication from the Independent Stream. Please ask IESG to review it, as set out in RFC 5742. The … The draft draft-cakulev-ibake-04.txt is ready for publication from the Independent Stream. Please ask IESG to review it, as set out in RFC 5742. The following is some background for this draft, please forward it to IESG along with this request ... This draft's abstract says: "Cryptographic protocols based on public key methods are based on certificates and large scale public key infrastructure (PKI) to support certificate management. The emerging field of Identity Based Encryption protocols allows to simplify the infrastructure requirements via a Private-key Generator (PKG) while providing the same flexibility. However one significant limitation of Identity Based Encryption methods is that the PKG can end up being a de-facto key escrow server with undesirable consequences. Another observed deficiency is a lack of mutual authentication of communicating parties. Here, Identity Based Authenticated Key Exchange (IBAKE) Protocol is specified which does not suffer from the key escrow problem and in addition provides mutual authentication and a perfect forward and backwards secrecy." It was reviewed by Jim Schaad, who pointed out two typos: Section 3.2 OLD o The Responder selects a random y and computes yP. The Responder MUST use a fresh, random value for x on each run of the protocol NEW o The Responder selects a random y and computes yP. The Responder MUST use a fresh, random value for y on each run of the protocol i.e. substitute y for x (!) and s/Privet Key/Private Key/ I'll ask the authors for a new version to fix those, as well as to address any IESG comments that may arise. Thanks, Nevil (ISE) |
2011-10-17
|
06 | Amy Vezza | Draft added in state Publication Requested |
2011-10-17
|
06 | Amy Vezza | Placed on agenda for telechat - 2011-10-20 |
2011-04-20
|
04 | (System) | New version available: draft-cakulev-ibake-04.txt |
2011-03-07
|
03 | (System) | New version available: draft-cakulev-ibake-03.txt |
2010-09-14
|
02 | (System) | New version available: draft-cakulev-ibake-02.txt |
2010-07-16
|
(System) | Posted related IPR disclosure: Alcatel Lucent's Statement about IPR related to draft-cakulev-ibake-01 | |
2010-04-19
|
01 | (System) | New version available: draft-cakulev-ibake-01.txt |
2009-10-19
|
00 | (System) | New version available: draft-cakulev-ibake-00.txt |