Automatic IETF Minutes

Markdown Version | Session Recording

Session Date/Time: 24 Jul 2023 16:30

# dispatch

## Summary
The dispatch session covered four topics: Spiffy workload identity, securing ancillary data for CDN (SADCDN), SDP security assurance, and S-expressions. The discussion focused on determining the appropriate IETF area or working group for each topic, with considerations for security, applicability, and existing work.

## Key Discussion Points

*   **Spiffy Workload Identity:**
    *   Justin presented Spiffy and its potential applications within IETF, particularly regarding node attestation and identity management in cloud environments.
    *   The group discussed whether Spiffy-related work belonged in the art area or the security area (SEC).
    *   Concerns were raised about the applicability of standardizing protocols that might be vendor-specific.
    *   Participants highlighted ongoing work in the OAuth working group related to identity chaining and transaction tokens.
*   **Securing Ancillary Data for CDN (SADCDN):**
    *   Matt presented a draft on securing ancillary data for CDNs, focusing on adaptive video traffic shaping as a use case.
    *   The group explored the limitations of existing signaling methods and the need for a secure, interoperable standard.
    *   Discussion revolved around privacy concerns and potential information leakage with explicit signaling.
    *   Participants raised the need for a broad approach including both network-to-endpoint and endpoint-to-network signaling.
    *   Related prior work on traffic pacing in MPAC and hint signaling in CTA were mentioned as relevant.
*   **SDP Security Assurance:**
    *   Kaiser presented a problem related to the lack of signaling for the SRTP rollover counter (ROC) in SDP security.
    *   Various scenarios where this can lead to interoperability issues and decryption problems were discussed.
    *   Participants considered if this update was needed, considering the existence of DTLS-SRTP. There was debate around updating existing tech versus transitioning to newer standards.
    *   Options for signaling the ROC in SDP were proposed.
*   **S-Expressions:**
    *   Donald presented a draft to update and standardize S-expressions.
    *   The discussion centered on whether to proceed with AD sponsorship or submit the draft to the Independent Submissions Editor (ISE) for publication.
    *   Concerns were raised about the necessity of publishing the draft within the IETF, as opposed to other means.

## Decisions and Action Items

*   **Spiffy Workload Identity:** Propose a Birds of a Feather (BoF) session at IETF 118. Coordinate with the SEC area to ensure their participation. Join the mailing list for workload identity in multi service environments.
*   **Securing Ancillary Data for CDN (SADCDN):** Propose an art area BoF session. Incorporate privacy and leakage concerns in the session's setup.
*   **SDP Security Assurance:** Take the topic to the Media and Indication (in music) working group for consideration.
*   **S-Expressions:** Do not proceed with IETF standardization. Subtly suggest to the author the possibility of independent submission stream.

## Next Steps

*   Justin to propose a BoF for Spiffy Workload Identity at IETF 118.
*   Matt to propose an art area BoF session for SADCDN.
*   Kaiser to present SDP Security Assurance to the in music working group.
*   Donald to consider submitting the S-expressions draft to the ISE.
*   Review use case documentation to really kick the conversation forward.