Draft Agenda for PKIX
Folks,
Here is the draft agenda for the PKIX meeting. I believe I have accommodated
all requests for a time slot. If I missed yours, please contact me ASAP. In
theory, we have twenty minutes of unused time. However, I back loaded the
agenda with the directory discussions. If history serves, that is sure to
consume the remaining time!
Thanks,
Tim Polk
--------------------Draft Agenda for PKIX at the 56th IETF-----------------
PKIX WG (pkix-wg)
THURSDAY, March 20, 2003 0900-1130
=================================
CHAIR: Stephen Kent <kent@xxxxxxx>, Tim Polk <tim.polk@xxxxxxxx>
AGENDA:
1. Document Status Review Tim Polk (NIST)
The working group has thirty-two Internet-Drafts. A number of
documents are with the ADs or in various stages of WG Last Call.
Several others are ready for Last Call. (5 min.)
2. Delegated Path Discovery & Validation (DPD/DPV)
The working group has completed the DPD/DPV Requirements document;
this specification has become RFC 3379. The requirements document was
developed as a baseline for evaluation of competing proposals. The
evaluation is complete and SCVP has been selected as the PKIX DPD/DPV
protocol (25 min. - 5 min. strawpoll, 15 min. SCVP, 5 min. discussion)
2.1 DPD/DPV Protocol Selection Tim Polk
The WG co-chairs selected SCVP as the PKIX protocol for DPD/DPV
based on a strawpoll of the WG, along with evidence of compliance
to the requirements stated in 3379.
2.2 Simple Certificate Validation Protocol Trevor Freeman (Microsoft)
http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-11.txt
An additional draft of SCVP is expected to achieve full
compliance with RFC 3379. Analysis posted to the list suggests
a list of possible open issues based on the compliance matrix.
These issues will be addressed, then WG Last Call will commence.
2.3 Open Mike Discussion DPD/DPV Protocols
3. Proxy Certificate Profile - Von Welch (Univ. of Chicago)
http://www.ietf.org/internet-drafts/draft-ietf-pkix-proxy-04.txt
Use of a proxy credential for impersonation is a common technique used in
security systems, allowing an entity A to grant to another entity B the
right for B to authenticate with others as if it were A. This document
defines a certificate profile for proxy credentials based on RFC 3280.
(10 min.)
4. Attribute Certificate Policy extension - Christopher Francis (WetStone)
http://www.ietf.org/internet-drafts/draft-ietf-pkix-acpolicies-extn-02.txt
This document defines an attribute certificate policy extension, which is
an analog to the certificate policies extension for public key
certificates.
This extension can be used to assert the policy governing issuance of the
attribute certificate in which it appears. (10 min.)
5. Trusted Archive Protocol - Carl Wallace (Cygnacom)
http://www.ietf.org/internet-drafts/draft-ietf-pkix-tap-00.txt
A Trusted Archive Authority (TAA) is a service that supports long-
term non-repudiation by maintaining secure storage of
cryptographically refreshed information. This document defines a set
of transactions for interacting with a Trusted Archive Authority
(TAA) and establishes a means of representing archived information.
(10 min.)
6. RFC 3039bis Qualified Certificates Update - Stefan Santesson (Retrospekt)
http://www.ietf.org/internet-drafts/draft-ietf-pkix-sonof3039-00.txt
An update to RFC 3039, Qualified Certificate Profile, has been submitted.
The presentation will describe the proposed modifications and the
supporting rationale for those changes. (10 min.)
7. RFC 3280 Interoperability Testing Report - Tim Polk (NIST)
NIST is currently performing the interoperability testing for RFC 3280.
This presentation will update the WG on NIST's progress, projected
completion date, and issues identified to date. (5 min.)
8. European Open Standards for Electronic Signatures: the EESSI
- Riccardo Genghini (SG&A)
The European Electronic Signature Standardization Initiative (EESSI) is an
industry initiative in support of the European Directive on Electronic
Signatures. EESSI is entering the maintenance phase for their specifications,
and would like to factor feedback from the technical experts in PKIX into
their evolution. (10 min.)
9. Multi Domain PKI Test Suite -- the result of JNSA Challenge PKI 2002
Ryu Inada (JNSA)
The Japan Network Security Association conducted JNSA Challenge PKI 2002.
One of the results was a Multi-Domain PKI Test Suite. This presentation
will include a brief demonstration of the test suite. (10 min.)
10. Maximizing Alignment Between X.500 and LDAP - Skip Slone (Lockheed Martin)
http://www.ietf.org/internet-drafts/draft-slone-ldap-x500-align-00.txt
This personal draft is intended to provide information of interest to
developers of Lightweight Directory Access Protocol (LDAP) specifications
and products. It is intended to provide background information and to
facilitate discussion within IETF Working Groups, most notably LDAPbis.
This presentation will focus on the alignment of features used when
supporting PKI (10 min.)
11. LDAP: Schemas, String Values, and more - David Chadwick (Univ of Salford)
Kurt Zeilenga, co-chair of LDAPbis (OpenLDAP)
LDAP is a critical technology for distribution of certificates and CRLs,
but there are interoperability issues when used to support PKIX
implementations. Some functional requirements (e.g., directory searches
based on certificate contents) remain unmet. Some of these problems
need to be resolved in the PKIX WG; others are in the LDAPbis WG problem
space. We have a number of unresolved issues to discuss including scope
of work for the LDAP PKI schema, matching rules, and string values for DN
attributes. The presentation will include the options for PKIX, along
with recommendations from LDAPbis. (25 min.)