Minutes of the Open Pluggable Edge Services WG (opes)
Time: Tuesday, 2002-07-16, 1700-1800, room 502
Chairs: Markus Hofmann, Marshall Rose
Minutes: Marshall Rose
1. Introduction, minutes taker, blue sheets
The chair introduced the agenda, and asked for someone to take minutes. A
volunteer was indentured.
2. Agenda bashing
No changes to the agenda were suggested.
3. Discussion of WG documents
3a. Abbie Barber presented an overview of the "An Architecture for Open
Pluggable Edge Services" document (draft-ietf-opes-architecture-02.txt).
The speaker noted that addressing the IAB architectural considerations document
(RFC 3238) was the core philosophy for writing this document. As such, the
speaker examined the architectural document in the context of the individual
points enumerated in RFC 3238.
The speaker addressed the current set of issues on the mailing list along with
the current thinking, and concluded that there weren't any open issues
remaining, although some of the more detailed IAB issues are delegated to
other OPES documents.
There was concern that the documents didn't adequately differentiate between
content consumers and providers, and, as such, some issues may be settled in
ways that may not be appropriate for content consumers, e.g., the architectural
document introduces the notion of tracing to address some of the IAB issues, but
a content consumer may not want a content provider to know that the consumer has
fielded an OPES intermediary. It was agreed that the architectural document
should be revised to make issues like this more clear.
3b. The speaker then presented an overview of the "OPES Use Cases and Deployment
Scenarios" document (draft-ietf-opes-scenarios-00.txt), in particular noting the
taxonomy of OPES services, and how various scenarios illustrated the requests
associated with those services.
The same concern regarding a lack of consumer/provider differentiation was
raised. In particular, more use cases should be presented with respect to
tracing. It was noted that this document is written from the perspective of an
OPES processor, so perhaps this lack of differentiation is appropriate for the
use cases.
3c. Markus Hofmann presented an overview of the "Requirements for OPES Callout
Protocols" document (draft-ietf-opes-protocol-reqs-01.txt).
The document is structured as a checklist, followed by more detailed text
explaining various requirements.
Four issues were raised on the mailing list:
1. Should the draft allow unencrypted communications in the same "trusted"
   domain?
   suggested resolution: yes
   discussion: deciding what "trusted" means is perhaps problematic.
2. Is an explicit keep-alive mechanism a MUST or a SHOULD requirement, e.g., if
   the protocol has another way of doing this, should this be allowed instead?
   suggested resolution: MUST
3. Should endpoint authorization information be communicated to the callout
   server, or should the OPES processor be solely responsible for performing
   authorization?
   suggested resolution: allow
   discussion: it is too restricting to prevent callout servers from performing
   authorization. Recall the end-to-end problem.
4. Should the draft allow chaining, and specify requirements for it?
   suggested resolution: none yet.
The author reviewed the two IAB issues that are germane to the callout protocol
requirements draft.
3e. For these three drafts, the chairs asked the audience to (re-)read them
carefully and comment to the mailing list, as the next revision of these
documents will likely be submitted to the IESG for publication as informational
RFCs. The chairs also noted that the group makes progress in spurts, and that we
need another growth spurt in order to get these drafts over the wall to the
IESG.
There was a second discussion on the impact of the IAB considerations, and
whether some decisions being made, whilst consistent with the considerations,
were unfriendly to the marketplace. It was noted that while "the constitution
is not a suicide pact", deviations from the IAB considerations need to be
adequately and convincingly documented.
4. Next documents to be worked on
4a. Bindignavile Srinivas presented a discussion of the "Security Threats and
Risks for OPES" (draft-srinivas-opes-threats-00.txt) document. After reminding
the audience of the OPES environment, the speaker discussed the security
threats, particularly in the context of RFC 3238:
- OPES device false (de)registration
- OPES device spoofing
- Replay attack
- OPES device security during fail-over
- Message integrity
- Data Confidentiality
- Denial of service
- Repudiation
For each threat, the speaker explained how the threat occurs, the effect, and a
proposed solution.
Finally, the speaker suggested this draft, an individual submission, be used as
the basis of a working group document. The chairs indicated that a subteam will
be formed to develop a document that's consistent with the existing working
group documents, and that subteam will take this individual submission as input.
It was suggested that another threat is possible: given that intermediaries
may be used for security purposes (e.g., virus detection), if an intermediary
is disabled, content consumers may be at risk.
If end-to-end encryption is a solution to some of these threats, where are the
ends? If the content consumer/provider, then what assurance is there that
modifications made by intermediaries are trustworthy? More work should be spent
on identifying where the trust relationships are with any end-to-end
encryption.
4b. Markus Hofmann explained the status and next steps for an as-yet-unwritten
document on "Endpoint Authorization and Enforcement Requirements" that was
supposed to be completed on April 2nd of this year.
As with the "Security Threats" document, a design team needs to be formed to get
started on the document. However, we'll need some help from the folks who are
familiar with the IETF policy framework.