From: Carl Ellison <cme@cybercash.com>
To: cypherpunks@toad.com
Message Hash: eebcc67b730be258d7fee3a7ffbfdbcc0d02a3156a3484a7784b13f9e1b9df34
Message ID: <2.2.32.19960703215331.00736f58@cybercash.com>
Reply To: N/A
UTC Datetime: 1996-07-04 01:57:56 UTC
Raw Date: Thu, 4 Jul 1996 09:57:56 +0800
From: Carl Ellison <cme@cybercash.com>
Date: Thu, 4 Jul 1996 09:57:56 +0800
To: cypherpunks@toad.com
Subject: Minutes Of the WWW I&A Forum
Message-ID: <2.2.32.19960703215331.00736f58@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain
>Return-Path: <NIEMCZUKJ@bah.com>
>Date: Wed, 03 Jul 1996 5:45pm
>From: "Niemczuk John" <NIEMCZUKJ@bah.com>
>To: vanbelld@bah.com, hapemand@bah.com, anthony.vitale@qmgate.trw.com,
> balenson@tis.com, ballodi@paralon.com, bdorsey@v-one.com,
> benner_tim@bah.com, bitting@mitre.org, bonatti@bah.com,
> cme@cybercash.com, crowan@jgvandyke.com, cscrugg@spyrus.com,
> dale@sctc.com, davidh@checkpoint.com, davids@checkpoint.com,
> fred.unterberger@east.sun.com, ghilborn@csc.com, hecker@netscape.com,
> hh@columbia.sparta.com, hittman@v-one.com, housley@spyrus.com,
> hthomas@smiley.mitre.org, iolson@mitre.org, j_rolen@hud.gov,
> jacksont@lfs.loral.com, jalexand@aero.org, james.prohaska@litronic.com,
> janispel@caas.com, janisple@caas.com, jbiggs@csc.com,
> jfurlong@mitre.org, jharrell@centech.com, jim.beattie@network.com,
> jim@lsli.com, jmat@vnet.ibm.com, jmyers@mitre.org, jswang@v-one.com,
> kearny@betuvic1.vnet.ibm.com, khrose@annap.infi.net,
> khutton@lfs.loral.com, kurowski@lfs.loral.com, lnotargi@us.oracle.com,
> louden@mitre.org, luther@sware.com, migues_sammy@prc.com,
> mikez@secureware.com, mjm@reston.ans.net, mkrenzin@mail.hcsc.com,
> mmancuso@v-one.com, mulvihil@smiley.mitre.org, netland@scc.com,
> olkowskid@comm.hq.af.mil, oswald@columbia.sparta.com, pguay@mitre.org,
> price_bill@prc.com, ray@sesi.com, sferry@raptor.com,
> shlomo@checkpoint.com, sledgerw@bdm.com, smith@sctc.com,
> tcfarin@sed.csc.com, tehrsam@us.oracle.com, thomps1r@ncr.disa.mil,
> vritts@cscmail.csc.com, watt@sware.com, wneugent@smiley.mitre.org,
> woycke@mitre.org
>Cc: jhsteve@missi.ncsc.mil
>Subject: Minutes Of the WWW I&A Forum
>
> Multilevel Information Systems Security Initiative
>(MISSI)
> Identification and Authentication (I&A) Forum
> 3 June 1996, Meeting Minutes
>
> The theme of this I&A Forum was security for the World Wide Web (WWW).
> The following was the agenda for the meeting:
>
> - Introduction - Dave Luddy, National Security Agency (NSA)
> - Web Technology Overview - Dave Dodge, NSA
> - INTELINK Security Needs - Susanne Rosewell, ISMC
> - Mitre Corporate Experiences Using The Web (An Information Security
>[INFOSEC] Point Of View) - Michael Louden, Mitre
> - Security Policy Summary - Dale Hapeman, Booz, Allen & Hamilton
> - Internet Engineering Task Force (IETF)/Worldwide Web Consortium (W3C)
>Secure Web Standard Activities - Judy Furlong, Mitre
> - Netscape and Web Security - Frank Hecker, Netscape
> - Protecting Web Sites From Attack - Dr. Rick Smith, Secure Computing
>Corporation
> - Security products For WWW Applications - Mike Zauzig, SecureWare
> - WWW Access (Attempting Solutions) - Dale Hapeman, Booz, Allen & Hamilton
> - Forum Wrap-up - Dave Luddy, NSA
>
> Mr. Dave Luddy, the Forum Chairperson, opened the meeting with an
>overview of the forum. He discussed:
> - The goal of the forum is "to insure the commercial availability of
>affordable I&A solutions that meet our customer's security, performance,
>interoperability, and security management needs."
> - The focus is on MISSI FORTEZZA based solutions.
> - The development of an I&A Concept Of Operations (CONOPS) will be used as
>the means of capturing I&A requirements for WWW access and other network
>applications.
> - The forum participants and modus operandi are documented in the I&A
>Forum Charter.
>
> Mr. Dave Dodge, from the Operations Directorate of NSA, presented an
>introduction to the WWW technology. Mr. Dodge presented an overview of:
> - The Hypertext Transport Protocol (HTTP) which is one of the most
>flexible tools for navigating the Internet.
> - Uniform Resource Locators (URLs) which allow a user to identify the
>location of a resource and the method used to retrieve it.
> - The HyperText Mark-up Language (HTML) which is used to format Web pages
>and present URLs to users.
> - The Common Gateway Interface (CGI) which allows programs run on a server
>to receive data from a user via an HTTP connection.
> - JAVA which allows a program to be moved from the server to a client and
>then executed on the client. JAVA is designed to "protect you from itself".
> It has checks that are made during execution. JAVA is not universally
>implemented yet. There is no tag in the HTML
> - The Secure Socket Layer (SSL)
> - The Secure-HTTP (S-HTTP)
>
>Questions and Answers:
>Q: Is a firewall able to differentiate an access made by a user from an
>access originated by a JAVA applet?
>A: (from Dave Dodge and Frank Hecker): No. A JAVA applet can open any
>random port to the server that provided it.
>Q: Can a JAVA applet make an access through a proxy?
>A: (from Frank Hecker). Either the applet needs to know about that proxy
>ahead of time or it can make use of the existing HTTP browser.
>Q: Do search engines present any special I&A issues?
>A: Most search engines are implemented using the GET or POST HTTP commands
>which feed a program running on the server. Control of access to that
>program is the same as access to any Web page.
>Q: Is there an IETF Working Group (WG) for WWW?
>A: The W3C is an industry consortia that deals with Web issues (it's
>responsible for the new HTML standard). There are many IETF WGs and
>standards related to Web topics.
>
> Ms. Susanne Rosewell, from the ISMC Security office presented a
>briefing on INTELINK security needs. She pointed out that there is a panel
>working on security issues that meets monthly. They are supported by several
>WGs that are addressing:
> - JAVA
> - Access Control
> - Firewalls
> - Inter Domain security
>
> Ms. Rosewell discussed some of the security issues and goals related to
>INTELINK:
> - Currently, Local Administrators provide security by reviewing server
>logs to track who has had access to a server (i.e., no access control).
> INTELINK would like to provide access control at the "front door" and not
>at individual servers.
> - They are looking at using X.509 Version 3 certificates to provide the
>ability to limit access to no foreign (NOFORN) information. They also want
>to use X.509 certificates to identify community of interest (COI).
> - The Inter Domain WG is investigating the use of commercial off-the-shelf
>(COTS) multi-level security (MLS) servers to allow a Secret user to access
>Secret and below data from a server that also contains Top Secret data.
> - A long term goal is to provide "true data labeling" so that data may
>carry and maintain a sensitivity label.
>
>Questions and Answers:
>Q: Isn't it harder to get Secret data into a Top Secret enclave than to
>get Secret data out of a Top Secret enclave?
>A: Yes.
>Q: Is the goal to provide servers that contain both Top Secret and Secret
>data that is connected to both (S and TS) networks?
>A: Yes.
>Q: Is data aggregation an issue?
>A: Current efforts are to only label individual data objects.
>Q: How will an individual user determine what technology to use and when
>to upgrade?
>A: INTELINK will be mandating a SSL capable browser in the future and is
>asking people to comply with that requirement now.
>Q: Will the INTELINK e-mail solution be Simple Mail Transfer Protocol
>(SMTP) or X.400.
>A: The E-mail application package that INTELINK will standardize on is
>still an issue. They need a application now and consider SMTP as the only
>current option. X.400 applications (from the Defense Message System [DMS])
>are somewhere down the road.
>Q: Commercial MLS servers are not readily available, the market has not
>been established. How will INTELINK obtain COTS MLS servers?
>A: There are a few MLS workstations available. INTELINK is working with
>NSA and vendors to solve this issue.
>Q: INTELINK is requiring the use of Version 3 X.509 certificates, DMS has
>an infrastructure based on Version 1 certificates. Is anyone working on
>solving this issue.
>A: There is an INTELINK representative on the MISSI Key Privilege &
>Certificate WG (KP&CWG) which is working on the problem of incompatible
>X.500 infrastructures. Conversion from Version 1 to Version 3 X.509
>certificates is a transition issue for DMS. The issue is the timing of the
>conversion to Version 3 certificates. There was never any intention to
>interoperate between the two versions.
>
> Mr. Michael Louden, who is involved with Mitre corporate management of
>computer and network operations briefed "A Corporate Experience Using The
>Web (An INFOSEC Point Of View). The briefing provided an overview of the
>Mitre Information Infrastructure (MII). In the area of security, the
>briefing included the MII security environment, key security features,
>security trade-offs, and security issues. Miter has different access control
>mechanisms (e.g., Passwords, Tickets) for different servers and would like
>to centralize/standardize the access control mechanisms.
>
>Questions and Answers:
>Q: When Mitre splits into two separate organizations, will you have to
>totally rework your access control rights?
>A: Mitre plans to duplicate the access control system and then delete the
>individuals from the other organization.
>
> Mr. Dale Hapeman, the Booz(Allen I&A task leader, presented a briefing
>on "Sensitive But Unclassified (SBU) WWW Requirements." He started the
>brief by reviewing the Context Diagram from the I&A CONOPS and presented an
>operational environment which showed Web clients an servers relative to SBU
>enclaves. Mr. Hapeman followed with an explanation of how each facet of a
>MISSI security policy could be applied to data as it is being transferred
>between a Client and Server through multiple firewalls. He provided
>definitions of Authorized and Authenticated. Mr. Hapeman finished with an
>invitation to the audience to consider the policies they would like to see
>implemented at the different components involved in a WWW access (client,
>server, and firewall).
>
> Ms. Judith Furlong is a lead INFOSEC Engineer at the Mitre corporation.
>She presented a briefing titled "IETF/W3C Secure Web Standards Activity."
> Ms. Furlong started her briefing with a discussion of the following
>existing Web security standards
> - SSL Protocol
> - S-HTTP
> - Private Communication Technology (PCT) protocol
> - Secure Electronic Transaction (SET) Protocol
>
> Ms. Furlong followed with an overview of the W3C, including a
>discussion of the W3C Security WG. Ms. Furlong covered:
> - The Protocol Extension Protocol (PEP), a W3C proposal for extending HTTP
>to accommodate additional capabilities such as security, watermarks,
>labeling etc. She further described the Security Extension Architecture
>(SEA) using the proposed PEP.
> - The Joint Electronic Payment Initiative (JEPI), a joint WG between the
>W3C's Electronic Payments WG and CommerceNet which is developing an Internet
>payment protocol negotiation scheme and a standard interface for payment
>modules.
> - The Digital Signature Initiative which deals with issues associated with
>applying digital signatures to objects such as video frames.
> - The Platform for Internet Content Selection (PICS) WG which has the
>charter to design technology to support "values-based" content
>rating/labeling. The PICS technology has security applicability.
>
> Ms. Furlong provided an overview of the IETF and its Web Transaction
>Security (WTS) and Transport Layer Security (TLS) WGs.
> She completed her briefing with a discussion of the following security
>areas not being addressed by standards efforts:
> - Secure Search capabilities
> - Mobile Code Security
> - Security Management Functions
> - Interfaces to Security Infrastructures
>
> Mr. Frank Hecker, a senior systems engineer with Netscape
>Communications Corporation, presented a briefing on Netscape and Web
>Security. The briefing covered the security areas and technologies that
>Netscape is active in. Mr. Hecker started with a discussion of SSL and how
>Netscape has improved it through upgrades to their Navigator software as
>well as additional SSL issues they are investigating. He also covered
>Netscape's security related issues:
> - Support for hardware tokens other than FORTEZZA.
> - Making a browser "firewall aware" (e.g., able to authenticate to
>intermediate firewalls) without becoming susceptible to man-in-the-middle
>attacks.
> - Providing directory services for use by many different types of
>applications.
> - Downloadable applications (JAVA and JAVASCRIPT)
> - Financial transactions - Netscape will implement SET
> - Secure e-mail - S/multipurpose internet mail extensions (MIME)
>(initially not FORTEZZA)
> - Public key infrastructure - Committed to X.509 Version 3 Certificates
> - User and/or administrator configurability - Netscape will have a toolkit
>to support Navigator 3.0.
>
>Questions and Answers:
>Q: What are Netscape's plans for supporting applications other than Web
>browsing over SSL connections?
>A: Netscape currently implements HTTP, NNTP over SSL. They plan on
>implementing lightweight directory access protocol (LDAP) over SSL in the
>future. file ransfer protocol (FTP), TELNET, and SMTP/POP3/IMAP4 are
>possible but not planned. Other vendors or individuals have implemented
>TELNET and FTP over SSL.
>Q: How does a user deal with non-SSL servers or optionally implementing
>SSL on a connection?
>A: A page that must be accessed with SSL is designated with a URL starting
>with https:// (instead of http://).
>
> Dr. Rick Smith an information security consultant with Secure Computing
>Corporation presented a briefing titled "Protecting Web Sites From Attack".
> Dr. Smith started his presentation with a history of some of the more well
>known sever penetrations. Dr. Smith discussed several types of attacks and
>methods of protection with Type Enforcement Encapsulation.
>
>Questions and Answers:
>Q: Where are the tables used for type enforcement defined?
>A: There is an Administrators Tool that includes this function.
>Q: How many domains and types can Sidewinder implement?
>A: Dozens.
>
> Mr. Mike Zauzig, a senior products development engineer with
>SecureWare, presented a briefing on "Security Products For WWW
>Applications." Mr. Zauzig provided an overview of his company, aspects to
>web security, and the following SecureWare products:
> - Hannah - Network Security
> - Troy - Platform Integrity Assurance
> - SecureMail - E-mail Security
> - Secure Web Platform Integrity - Safe Web Server
> - Interceptor - Transmission Control Protocol (TCP)/IP Firewall
> - Internet Scanner - Attack Simulator
>
>Questions and Answers:
>Q: Is SecureWare's mail package interoperable with other FORTEZZA e-mail
>implementations.
>A: Yes (Dave Luddy).
>Q: The Security First Network Bank shows a Web server that is connected to
>directly the Internet (not through the firewall). Is this machine running
>SSL on one side and Hannah on the other?
>A: Yes.
>
> Mr. Hapeman presented a briefing which attempted to summarize the
>security requirements presented at the day's meeting. He reviewed the
>security services needed and the requirements that are allocated to
>components. He also discussed the protocol requirements and possible
>solutions available to secure the Web. Different options for authenticating
>to firewalls placed between clients and servers were presented. Much work
>remains to secure the proxy or tunneling solutions.
>
>Questions and Answers:
>Q: The Internet Protocol Security (IPSec) protocol has not been mentioned
>all day. It is very mature and has had much NSA input (especially the
>Internet Security Association and Key Management Protocol [ISAKMP] key
>management protocol). It should be considered as a security solution.
>A: Agreed. IPSec is a viable option, especially for authenticated
>firewall-to-firewall connections. It was not mentioned by name but is
>certainly being considered as a solution.
>
> Mr. Luddy's closing comments were:
> - NIST FIPS PUB JJJ has been discussed at previous I&A Forums. Although
>it presents an authentication scheme, it does not provide for interoperable
>solutions. Dave Kemp has authored a Public Key Login Protocol that provides
>the detail needed for interoperability. The document will be submitted as
>an IETF Internet draft. Comments are solicited.
> - The I&A CONOPS document will be sent out by e-mail to everyone who
>registered.
> - The topic for the next I&A Forum is Access Control. It is scheduled for
>8-9 July 1996.
>
>
>
Return to July 1996
Return to “Carl Ellison <cme@cybercash.com>”
1996-07-04 (Thu, 4 Jul 1996 09:57:56 +0800) - Minutes Of the WWW I&A Forum - Carl Ellison <cme@cybercash.com>