[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

draft meeting minutes

To: ietf-pkix@xxxxxxx
Subject: draft meeting minutes
From: Stephen Kent <kent@xxxxxxx>
Date: Fri, 11 Mar 2005 10:15:52 -0500
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


Folks,

Here is the first draft of the meeting minutes. Please getcomments/corrections to me by 3/21.


Thanks,

Steve
------

PKIX WG Meeting 3/8/05

Edited by Steve Kent

Chairs: Stephen Kent <kent@xxxxxxx> & Tim Polk <tim.polk@xxxxxxxx>

The PKIX WG met once during the 62nd IETF. A total of approximately45 individuals participated in the meeting.



Document status - Tim Polk (NIST)

Five documents in RFC Editor's queue. One document justapproved by IESG, several more in the IESG queue for review &approval. Several documents stalled.



PKIX WG Document Presentations

Simple Certificate Validation Protocol (SCVP) - David Cooper (NIST)

Significant progress has been made towards rough consensusthrough the two drafts submitted since the last meeting. These draftsrepresent been submitted with significant enhancements. At this stage(rev 18) the editors are trying to determine if the remainingcomments suggesting changes have wide support and thus need to beaccommodated. David noted some confusion re the semantics of thedefault validation policy part of the spec, which needs to bediscussed on the list to resolve some ambiguities. Several "sense ofthe room" polls were taken, but the questions will be brought to thelist for resolution.


3280bis - David Cooper (NIST)

A design team met in January to develop a -00 draft from aissues list complied from PKIX mail messages and mail to the RFC 3280editors. Draft -00 incorporates a number of clarifications and smallchanges designed to align with ISO and remove ambiguities, and a newsection on comparing internationalized names. See the nextpresentation for details on internationalization of names. A questionwas raised as to whether this document should be used by anapplication to guide name matching rules, if the application makesuse of a name from a certificate to make an access control decisionor analogous determination. To first order, this document addressesmatching rules only for name comparisons relative to path validation,e.g., for certificate chaining and for applications of nameconstraints.

UTF8String Deployment and Migration - Akira Kanaoka (Secom/JNSA PKIChallenge Project)This presentation reported on feedback received from aquestionnaire on UTF8String deployment in Asia, i.e., to determinethe extent to which CAs in Asia followed the RFC 3280 guidance onthis topic, guidance that was rescinded in 3280bis! The survey wassent to Asia PKI Forum members in 9 countries, but got replies from11 CAs in 3 only countries. All of the CAs that replied weregovernment-funded, not private CAs. Responses indicate that most CAsuse UTF8 when they need to represent names in other than their localcharacter set. Another survey looked at MS Windows root certificatestores, as a measure of commercial CA migration, and here none of theroot CAs had UTF8 encodings! Given the commercial CA situation, needa migration plan. Suggestion is to create an individual submission,Informational RFC to describe whatever migration strategy isdeveloped, test cases, etc.


CRL Signer Certificates and AIA - Stefan Santesson (Microsoft)

Draft -00 of this new PKIX document was published after thelast meeting. There has been moderate discussion on the list aboutthis draft. About 5 major issues were identified. Responses have beenproposed for each issue and, where appropriate, will be reflected inthe next draft. One issue (choice of recommended referral methods)still remains, and will be addressed on the list.


Update on CRMF, CMC documents - Jim Schaad (Soaring Hawk)

This presentation reviewed the state of several related draftsand highlight the controversies that remain. CRMF was forwarded tothe RFC editor a bit earlier that Jim had anticipated. Two OIDassignments need to be changed, and the plan is to use the 48-hourauthor's review period to make these changes, after confirmation onthe WG list. CMC-based and transport documents are ready, will go outsoon. CMC compliance document will go out very soon. CMC archive hasone issue to be resolved, dealing with packaging of multiple keysretrieved from an escrow agent. Nonetheless, this document also willbe republished and ready for last call very shortly.


Related Specifications & Liaison Presentations

LDAP schema definitions - Kurt Zeilenga (OpenLDAP)

The author of this individual submission has requested thatthe WG review and comment upon this draft. He intends to make adecision by the end of IETF#62 whether to recommend this revision forIESG consideration as a Proposed Standard. This document is intendedto be published at the same time as the revised LDAP TS beingdeveloped by the LDAPBIS WG.


OCSP Data Interchange Format - John Hines (Tumbleweed)

The presenter will be submitting an individual draft defining adata interchange format for OCSP servers. The presentation describedthe problems that inspired this draft and invites WG participation,even though the document will not be a PKIX document. The goal is toeventually make this a standard, and Russ Housley explained theprocedure for doing this via the individual submission path.

Prev by Date: Re: 3280bis: OtherName "health warning"
Next by Date: I-D ACTION:draft-ietf-pkix-rfc2511bis-09.txt
Previous by thread: Ackquire all the me ds you need in one place! bookie
Next by thread: draft meeting minutes
Index(es):
- Date
- Thread