Session Date/Time: 10 Nov 2022 15:30
dance
Summary
The IETF DANCE working group session covered the current document status, working group activity levels, and presentations on architecture and use cases. Two documents, "TLS DANE Client ID" and "DANE Client ID Certificate," have entered last call. Discussions focused on refining the architecture document, exploring various use cases (including those involving end users and IoT devices), and addressing privacy considerations. There was also a discussion about potential interim meetings.
Key Discussion Points
- Architecture Document Refinement: Olle Johansson presented ideas on restructuring the architecture document into a general overview, with separate documents for secure DANCE, protocol implementation requirements, and protocol-specific examples. Concerns were raised about its current unstructured nature and the lack of a clear problem statement in the use cases section.
- Namespace Considerations: A discussion arose about the flat namespace currently described in the documents and the potential need for a hierarchical structure, especially with a large number of entries.
- Privacy Implications: Protecting user privacy when using DANE was discussed, with suggestions to explore hashing techniques in DNS.
- Ownership Transfer: Participants considered how to handle the transfer of device ownership, as well as which zone a device ID should be created in.
- Last Call Documents: Feedback on the TLS DANE Client ID and DANE Client ID Certificate documents was requested, with emphasis on indicating needed changes or explicit support.
- Implementation Status and Challenges: The chairs asked about implementation progress and the challenges encountered. Participants suggested that a new DANE usage mode and selector might be defined.
- LoRaWAN Use Case: Sandoche presented a LoRaWAN use case highlighting challenges with traditional PKI and how DANE could provide a solution for mutual authentication in a federated environment.
- Application Layer Authentication: Shumon discussed the option of performing DANE-based authentication at the application layer using TLS exported authenticators.
Decisions and Action Items
- Olle Johansson: To restructure the architecture document, focusing on a general overview.
- Rick Moran: To help Olle Johansson refine the architecture document.
- Michael Richardson: To start a thread on the mailing list regarding the ownership transfer discussion and its impact on the architecture.
- Michael Richardson and Viktor Dukhovni: To create a draft for a TLS extension to solicit a certificate request message from the server.
- Working Group: Consider incorporating relevant pieces from the architecture document into protocol documents to make them more standalone.
- Chairs: To determine where the TLS extension draft should be submitted (TLS working group or DANCE working group).
- Chairs: To schedule potential interim meetings, likely one in January, with a call for agenda topics in advance.
Next Steps
- Address comments and feedback on the architecture document.
- Continue discussions on the mailing list, particularly regarding ownership transfer and privacy.
- Review and comment on the TLS DANE Client ID and DANE Client ID Certificate documents during the last call period.
- Prepare for a potential interim meeting in January by submitting agenda topics.