Public-Key Infrastructure (X.509) WG (pkix)

MONDAY, November 10, 2003 1530-1730
=================================

CHAIRs: Stephen Kent
        Tim Polk

AGENDA:

1. WG Status and Direction

1.1 Document Status Review [Tim Polk (NIST)]

    The working group has a number of Internet-Drafts. Many documents
    are with the ADs or in various stages of WG Last Call. Several
    others are ready for Last Call. (10 min.)

1.2 Proposed WG Milestones [Tim Polk (NIST)]

    The working group milestones are out of date. New milestones are
    needed; these milestones need to satisfy IESG direction for an
    orderly closeout of WG activities. (10 min.)

2. PKIX WG Specifications

2.1 Subject Identification Method [TBD]

    http://www.ietf.org/internet-drafts/draft-ietf-pkix-sim-01.txt

    The current SIM draft introduces a number of new parameters. While
    these parameters add additional complexity, they were required to
    satisfy the draft's security requirements. The presentation will
    focus on the security requirements and proposed solution. Open
    issues will also be identified. (10 min.)

2.2 LDAP Schemas, String Values, and more - Peter Gietz

    The WG has a suite of LDAP-PKIX drafts forming a comprehensive
    solution for LDAP-based PKI information distribution. New drafts
    will be published soon after this meeting; the presenter will
    discuss changes that will appear in the new drafts. (15 min.)

2.3 Qualified Certificates - Stefan Santesson

    http://www.ietf.org/internet-drafts/draft-ietf-pkix-sonof3039-02.txt

    Work on the QC document has continued in both PKIX and ETSI. At
    least one more draft is envisioned; this presentation will describe
    planned updates and propose a path for completion of the QC
    document. (10 min.)

2.4 Certification Path Building - Peter Hesse (Gemini Security)

    http://www.ietf.org/internet-drafts/draft-ietf-pkix-certpathbuild-01.txt

    This document was written to provide guidance and recommendations
    to developers building X.509 public-key certification paths within
    their applications. The next draft is aimed for WG Last Call; the
    presenter will discuss changes since -00 and additional changes
    projected for the forthcoming -02 draft. (10 min.)

2.5 OCSP - Mike Myers (TraceRoute)

    http://www.ietf.org/rfc/rfc2560.txt

    A number of issues regarding OCSP have resurfaced on the mailing
    list. The presenter will summarize the issues from the mailing list
    and present a way forward. (5 min.)

3. Liaison/Related Projects

    The following specifications will update the WG on related
    activities.

3.1 OASIS PKI survey - Steve Hanna (Sun)

    The OASIS Public Key Infrastructure Technical Committee conducted a
    web-based survey to identify the key barriers to PKI deployment and
    usage. The TC is currently developing an Action Plan to address
    these barriers. The presentation will address the survey results
    and preview the action plan. (15 min.)

3.2 Path Validation Protection Profiles - Tim Polk (NIST)

    NIST is currently performing the interoperability testing for
    RFC 3280. One aspect of that effort is the RFC 3280 path validation
    test suite developed jointly by NIST, DigitalNet, and NSA. To
    promote independent testing based on the test suite, NIST has
    submitted protection profiles for path validation modules for NIAP
    validation. (10 min.)