W3C

- DRAFT -

HTTPS Migration in Local Network Breakout

21 Sep 2016

Agenda

See also: IRC log

Attendees

Present
Tomoyuki_Shimizu, Kaoru_Maeda, Kaz_Ashimura(W3C), Kaoru_Maeda(Lepidum), Junichi_Ajitomi(Toshiba), Tomoyuki_Shimizu(KDDI), Giri_Mandyam(Qualcomm), Tatsuya_Igarashi(Sony), Tomohiro_Yamada(NTT), Kiyoshi_Tanaka(NTT), Matsuo_Suzuki(SoftBank), YounJae_Shin(SoftBank), Hamid_Amir_Alikhani(Panasonic), Licheng_Yin(Qihoo360), Francois_Daoust(W3C), Yves_Lafon(W3C), Mike_West(Google), Mike_Smith(W3C), Brad_Hill(Facebook), Jiajia_Li(Alibaba), Rouslan_Solomakhin(Google), Joe_Hall(Center_for_Democracy_and_Technology), Mohammed_Dadas(Orange), Jin_Peng(China_Mobile), Yingying_Chen(W3C), Olive_Xu(W3C), Kazuhiro_Hoya(J-BA), Claes_Nilsson(Sony), Jatinder_Mann(Microsoft), Yoshiaki_Ohsumi(Panasonic), Kazuo_Kajimoto(Panasonic), Takeshi_Kanai(Sony), Cullen_Jennings(Cisco), Ari_Keranen(Ericsson), Carsten_Bormann(TZI), Toshihiko_Yamakami(ACCESS), Natashi_Rooney(GSMA), Vivien_Lacourba(W3C), Osamu_Nakamura(W3C), Adam_Roach(Mozilla), Koichi_Takagi(KDDI), J.C._Jones(Mozilla), Rik_Cabanier(Adobe), Mark_Foltz(Google), Hyojin_Song(LGE), Kenichi_Nunokawa(Keio), Satoshi_Nishimura(NHK), Anne_van_Kesteren(Mozilla), James_Graham(Mozilla), Wonsuk_Lee(ETRI)
Regrets
Chair
Tomoyuki_Shimizu
Scribe
kaorumaeda

Contents

<inserted> scribenick: kaorumaeda

Tomoyuki: Gives intros
... Smart TVs, set-top boxes have HTTP services in home networks.
... HTTP and WebSockets without TLS are considered non-secure and have some problems.
... How can we access these in-home servers in HTTPS?
... Goals in this session: Clarify motivation, share difficulties, collect ideas, provision a community group

HTTPS Migration in Local Network

Junichi presents HTTPS Migration in Local Network

<Tomoyuki> https://www.w3.org/wiki/images/4/43/Http-migration-in-local-network.pdf

Junichi: related sessions 2014 WoT devices, 2015 ??
... Use case: vehicle API exposes car signals (speeds, rpm, etc.)
... Introducing local server to provide APIs. Easier implementation and access control
... Use case 2: Local video storage. A web page from a cloud service wants to access local video storage. This is a cross origin access. Problems with TLS and DNS lookup arise
... PLEX's solution: Local server announces it's local IP address to cloud application server. Application server tells the local server URL (with embedded IP address) to the browser. Browser looks up DNS that in turn returns local IP address
... Local server has a cert whose CN is *.id.example.com
... CA/Browser forum guidance deprecates local IP like 192.168.*.* as Common Name.
... PLEX's solution has a public DNS that returns local IP address.

Brad: This would be acceptable by the guidance. Common Name looks like a public address.
... The point of the guide is when looking up 'mail' that returns different certs in different environment.

Joe: Think which of public PKI and private CA case?

Junichi: both, but for this session public.
... So far we don't have enough support for local device certificates.
... We want better solution than PLEX's. For privacy, discovery, and management purposes.
... Different stakeholders take care of different subsets of the participants in Internet to private network picture.

Giridhar: You can have trusted association between local devices and private certs can work

Junichi: I don't reject that. We want simpler solution.

Tatsuya: We introduced the problem and want as many solutions.

Local Network Discovery and HTTPS

Tatsuya: Addresses problem of discovery of local device

<Tomoyuki> https://www.w3.org/wiki/images/6/6c/TPAC2016_Local_Discovery_and_HTTPS.pdf

Tatsuya: UA can have local CA's certificates (or self-signed) if well-managed locally.
... However W3C standards like CORS doesn't like Mixed Contents or self-signed certs.

<annevk> (FWIW, CORS doesn't require HTTPS, but the point he made stands.)

Tatsuya: Local network traffic should be encrypted as well.
... Straw Man solution. Use TLS server certs with FQDN and public DNS for LAN devices.
... The idea as that the local device registers LAN address FQDN to a dynamic DNS server
... local mDNS respond CNAME to the (public) dynamic DNS server
... Use case local media server page can be displayed in WebView. EME in Secure Context is possible.
... Use case 2: Presentation API discovery is possible.

Brad: CNAME approach could be problematic because trust between DNS servers is not enough

Cullen: mDNS in public Wifi can be easily spoofed

“.local” Server Certificate for HTTPS migration on local network

<Tomoyuki> https://www.w3.org/wiki/images/3/37/2016.w3c.breakout_session.dot-local-server-cert.p.pdf

Daisuke presents ".local" server certificate

Daisuke: Use case: local media cache server. VoD service offers local media cache for the browser.
... Problem: it's mixed content. Can't issue valid server certificates to local devices.
... User cannot have an opportunity to authorize local server access to the origin. User cannot judge whether the origin is evil or not.
... Candidate solution: ".local" server certs allowed only on user+UA grants.
... UA provides a new API that allows secure origin to access local devices by issuing .local server certificates.
... IoT devices' CSR with attestation key is sent to CA via UA's API.
... PoC impl on Web Bluetooth API. BLE can be a promising proximity transport. But we lack certs installation API.
... Does ".local server certificates" sound practical?

Anne: Focus with user consent is good. Tap on the device could approve establishing secure connections.

mkwst: Host name + hash of public key might be one way to achieve this.

Cullen: If we assume dynamic DNS, nothing stops that the device decides it's unique host name.

Anne: Local IP address disclosure is different between these solutions.

Tatsuya: Randomized DNS name could be a similar approach in IPv6 local link address.
... When mDNS cannot be trusted, HTTPS neither. There is no additional risk.

Joe: Privacy problem exists in Mitsubishi cars' identities that can be tracked location

Tatsuya: Domain name can be rotated.

Cullen: Hardest part is to decide what privacy properties you want to protect.

Giri: ???

Tomoyuki: Next steps: continue discussions but where?

<kaz> kaz: please continue the discussion about how to proceed :)

<kaz> [ adjourned ]

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.144 (CVS log)
$Date: 2016/09/21 11:08:39 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.144  of Date: 2015/11/17 08:39:34  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: i/Tomoyuki:/scribenick: kaorumaeda
Succeeded: s/@@:/Brad:/
Succeeded: s/@@/Giridhar/
Succeeded: s/@@/Cullen/
Succeeded: s/@@@:/Giri:/
Found ScribeNick: kaorumaeda
Inferring Scribes: kaorumaeda
Present: Tomoyuki_Shimizu Kaoru_Maeda Kaz_Ashimura(W3C) Kaoru_Maeda(Lepidum) Junichi_Ajitomi(Toshiba) Tomoyuki_Shimizu(KDDI) Giri_Mandyam(Qualcomm) Tatsuya_Igarashi(Sony) Tomohiro_Yamada(NTT) Kiyoshi_Tanaka(NTT) Matsuo_Suzuki(SoftBank) YounJae_Shin(SoftBank) Hamid_Amir_Alikhani(Panasonic) Licheng_Yin(Qihoo360) Francois_Daoust(W3C) Yves_Lafon(W3C) Mike_West(Google) Mike_Smith(W3C) Brad_Hill(Facebook) Jiajia_Li(Alibaba) Rouslan_Solomakhin(Google) Joe_Hall(Center_for_Democracy_and_Technology) Mohammed_Dadas(Orange) Jin_Peng(China_Mobile) Yingying_Chen(W3C) Olive_Xu(W3C) Kazuhiro_Hoya(J-BA) Claes_Nilsson(Sony) Jatinder_Mann(Microsoft) Yoshiaki_Ohsumi(Panasonic) Kazuo_Kajimoto(Panasonic) Takeshi_Kanai(Sony) Cullen_Jennings(Cisco) Ari_Keranen(Ericsson) Carsten_Bormann(TZI) Toshihiko_Yamakami(ACCESS) Natashi_Rooney(GSMA) Vivien_Lacourba(W3C) Osamu_Nakamura(W3C) Adam_Roach(Mozilla) Koichi_Takagi(KDDI) J.C._Jones(Mozilla) Rik_Cabanier(Adobe) Mark_Foltz(Google) Hyojin_Song(LGE) Kenichi_Nunokawa(Keio) Satoshi_Nishimura(NHK) Anne_van_Kesteren(Mozilla) James_Graham(Mozilla) Wonsuk_Lee(ETRI)
Agenda: https://www.w3.org/wiki/TPAC2016/SessionIdeas#HTTPS_Migration_in_Local_Network
Got date from IRC log name: 21 Sep 2016
Guessing minutes URL: http://www.w3.org/2016/09/21-https-local-minutes.html
People with action items:
[End of scribe.perl diagnostic output]