OSE Implementors Workshop Sec-Sig: Draft Minutes
SEC-SIG 94-08
DRAFT
#34 OSE Implementors Workshop Security SIG Minutes
June 14-16, 1994
1.0 General Information
1.1 Meeting Date and Location
June 14-16, 1994
NIST, Gaithersburg, Maryland
1.2 SIG Officers
Chair: Richard Ankney
Fischer International (703)818-0713
Richard.Ankney@emc2-tao.fisc.com
Vice-Chair: John Hooder
ITAC/DASN,
Washington D.C. (202)433-4745
Secretary: Position Open
Editors: Mohammad Mirhakkak Ph.D.
MITRE Corp
(703)883-7820
mmirhakk@mitre.com
1.3 Security SIG Voting Rules
1. There is one vote for each company or each independent
division.
2. Only companies that regularly attend (SEC-SIG's
interpretation: Attend two of the last three meetings,
including the current one) should vote.
3. Only companies that plan to sell or buy a protocol should
vote on its implementation decisions.
4. Only companies knowledgeable of the issues should vote.
5. No proxy votes are admissible.
1.4 Tentative Dates of Future Meetings
#35--September 12-16, 1994 #36--December 12-16, 1994
#37--March 13-17, 1995 #38--June 12-16, 1995
1.5 Electronic Mailing List
There is an electronic mailing list for minutes distribution
(secsig@monkfish.nosc.mil). Everyone is asked to provide his/her
electronic mailing address on the attendee list. Attendees are
added to the mailing list. If you want to be a member of the
NIST OSI Security SIG electronic mailing list, please send a
message to "secsig-request@monkfish.nosc.mil". Contributions to
this list should be addressed to "secsig@monkfish.nosc.mil".
1.6 Document Register
Every document handed out must have an assigned number "SEC-SIG
94-XX" (where XX is a number starting from 1). Please get a
number from the chair if you want to distribute a document.
2.0 Opening Plenary
2.1 Welcome and Announcements
The opening plenary was led by Richard Ankney. Members from
various standards committees gave liaison reports.
2.2 Minutes
The minutes of the March workshop are to be reviewed for
approval at the closing Plenary. Amy Reiss took the minutes for
this workshop.
2.3 Agenda
The agenda was developed for the remaining workshop sessions.
Tuesday AM Opening Plenary
New Business
Tuesday PM Joint Session with NM-SIG
Wednesday AM/PM Joint Session with MMS SIG
Joint Session with RDA SIG
Joint Session with OSE-TC (Rich)
Thursday AM Closing Plenary
2.4 New Business
Amy Reiss proposed that section 9.2 be created in the working
agreements to deal with Security Associations (SA) and
Security Association Management Protocols (SAMP). She presented
a text contribution regarding this new topic and the group went
through and edited the text. Next, Rich determined how section
9.2 should be presented and tasks were assigned accordingly:
Section 9.2.1 Overview (current contribution), Section 9.2.2
Layer Specific Security Association Protocols (Action: Dale
Walters), Section 9.2.3 IEEE KMP (Action: Amy Reiss), Section
9.2.4 X9.41 Security Services Management for the Financial
Services Industry (Action: Rich Ankney), Section 9.2.5 ISP.421
Security Association Management Protocol (Action: Amy Reiss).
In addition, SEC-SIG members were tasked to gather a core set
of attributes that need to be negotiated by a SAMP. Dale
Walters will generate the interoperability set of attributes.
Rich Ankney will generate the private sector set of attributes.
Amy Reiss will generate the gove
3.0 Presentations and Tutorials
There were no presentations or tutorials for the SEC-SIG during
the June workshop.
4.0 OIW SIGs Activities
4.1 OSE-TC
During this workshop, Rich Ankney worked with the OSE-TC
regarding security issues with Electronic Commerce. Rich
contributed a paper on security for electronic commerce,
focusing on the use of crypto for email security. There was
concern about the use of certificates given the lack of a
certificate infrastructure. There was also interest in
signed receipt capabilities. The group still needs
to put together a list of algorithm suites (i.e., NIST suite,
PEM suite, and X9 suite).
4.2 Manufacturing Messages Specification
At prior workshops the SEC-SIG recommended GULS for the full
configuration and NLSP for the limited configuration to the
MMS-SIG in order to secure both MMS communities (i.e., the
utility-to-utility communications (UU) and the
utility-to-customer (UC) communications). At the June workshop
the SEC-SIG also recommended the use of the Secure Data
Exchange (SDE) protocol from the IEEE 802.10 standard. This
would provide confidentiality, integrity, authentication, and
access control at the LLC layer 2. Since both communities will
have LLC in their network configuration, this solution could be
used for both communities instead of two separate solutions. By
using the IEEE SDE, the MMS-SIG could also use the IEEE Key
Management Protocol (KMP) when it is completed. The MMS-SIG
asked for copies of the SDE standard; however, it is a
completed IEEE standard and is copyrighted. This issue will
have to be resolved. The MMS-SIG would also like an official
statement/recommendation from the SEC-SIG regarding PGP. Thi
4.3 Remote Data Access
The RDA-SIG is currently working on issues regarding the handling
of authentication with respect to RDA. The NIST document,
"Recommendation of a Protected Authentication Mechanism for the
Remote Database Access (RDA) Project", was distributed.
Basically, this document proposed a short-term and long-term
solution for RDA authentication. The short-term recommendation
is the use of a hashing algorithm to prevent the transmission
of unencrypted passwords. Rich Ankney stated that in addition
to this, measures should be taken to ensure that passwords are
not stored in plaintext. The X.511 Directory Bind was
recommended to accomplish this. For the long-term
recommendation there were two alternatives: Secret Key
Encryption and Public Key Encryption. Rich recommended the
Public Key Encryption using DSS for strong authentication. Rich
also pointed out that in the stable agreements the use of
authentication in ACSE is included for the NM-SIG and could
also be used by the RDA-SIG.
4.3 Network Management
The NM-SIG was concerned that more work needs to be done
regarding the management of GULS. After a brief
discussion it was determined that there was no more work left
in this area. The NM-SIG will ask Lee LeBarre to confirm
whether there are any more open issues regarding the
management of GULS.
The SEC-SIG distributed the X/OPEN Security Document provided
by Joe Sonsini.
The NM-SIG wanted to know how the SAMP work was progressing.
It was stated that Security Association text was being added
to the agreements and SAMP text would be added at the next
workshop. The SEC-SIG would like the NM-SIG to review this
text.
The NM-SIG asked the SEC-SIG to review the comments for the
other workshops on pDISP 10164-7 "Security Alarm Reporting,"
and pDISP 10164-8 "Security Audit Trail." The NM-SIG asked for
a volunteer to be the editor of pDISP 10164-9 "Objects and
Attributes for Access Control." However, the SEC-SIG was not
able to provide one.
After assessing the impact of the technical correction of the
Secure Hash Algorithm (SHA), the decision was made to correct
the agreements by adding a new object identifier for the
fix. The new OID will be called SHA1 and will be fixed in the
Security agreements (Part 12). In addition, the GNMP will be
affected by the change. It was recommended that the NM-SIG
make sure that the GNMP aligns to the SHA1 fix.
5.0 Closing Plenary
Rich Ankney led the Thursday morning closing plenary. The
following are the approved motions and votes:
The minutes for the March 1994 workshop were approved.
Y=4, N=0, A=0
Section 7.5 and Annex D: Move from WIA to SIA signature and
OIDs for the following:
RSA signature with MD5
RSA signature with MD2.
Y=3, N=0, A=1
Section 7 and Annex D: Add to WIA Algorithms and OIDs for the
following:
SHA1
DSA with SHA1
DSA with SHA1 with common parameters,
RSA signature with SHA1
Y=4, N=0, A=0
Section 9.2: Add to WIA new text regarding Security
Associations and SAMP
Y=4, N=0, A=0
ANNEX I: Document List
SEC-SIG 94-01: US Ballot Response on ISO/IEC DIS 11586-1 GULS Part 1.
SEC-SIG 94-02: OIW Security SIG Minutes, March 1994 Workshop.
SEC-SIG 94-03: Security Association Text Contribution for WIA 9.2.
SEC-SIG 94-04: EWOS EGSEC Work Programme Slides, Roy Cadwallader.
SEC-SIG 94-05: ISO JTC1/SC27/WG1 N443, Output from Trondheim Meeting --
Security Information Objects.
SEC-SIG 94-06: X/Open Guide - Distributed Security Frameworks Draft 3.
SEC-SIG 94-07: Recommendation of a Protected Authentication Mechanism
for the RDA Project, Dray & Foti.
SEC-SIG 94-08: OIW Security SIG Minutes, June 1994 Workshop.