PKI Disaster Recovery and Key Rollover

["Denis Pinkas" <denis.pinkas@xxxxxxxx>]

To the WG,

I edited together with Joel Kazin an individual Internet-Draft that has been placed on the IETF web server.
The target category is INFORMATIONAL.

The document is now available at:
https://datatracker.ietf.org/drafts/draft-pinkas-pkix-pki-dr-kr

The abstract is the following:

   This document presents a framework to assist the writers of policy 
   or practice statements and the designers of a Public Key 
   Infrastructure to prepare disaster recovery plans in case of a
   private key-compromise or a private key-loss.  This may happen to 
   end-entity keys, Certification Authorities, Revocation Authorities, 
   Attribute Authorities, or Time-Stamping Authorities.  Since 
   certificates have finite validity, CA key-rollover should be 
   planned in advance. 

   In addition, denial of service attacks on Repositories holding 
   CRLs has also to be considered.
   This framework provides a comprehensive list of potential key-
   compromise or key-loss conditions that, in the opinion of the 
   authors, should be addressed so that it is possible to quickly 
   recover from exceptional situations.

I ask the WG to consider whether this document should be progressed 
as an individual contribution or as a PKIX WG document.

I will not be present at the next meeting, but I plan to prepare a few slides to present the draft.

To this respect, I ask whether it would be possible to get a time slot (5 minutes) 
at the next meeting. 

Denis