DECISIONS (to be validated):

ACTION ITEMS:
- jhutz: send starttls to IESG
- jimsch: validate ASN.1 module in preauth
- tlyu: re-verify registry data in preauth
- jhutz: send preauth to IESG
- hartmans, lha: examine option for simpler anonymous PKINIT
- leifj: revise data model

SESSION SUMMARY:

* Reviewed recent changes in document status:

  - STARTTLS is mostly ready to go to the IESG. The EKU/SAN issue is not fully resolved, but we've agreed to send the document as-is, with the issue called out in the PROTO writeup. Sam and/or Nico may re-raise the issue in IETF last call, where hopefully it will get some input from the PKIX community.

  - The preauth framework document is done and ready to go to the IESG. Before it can be sent, we need confirmation that the padata registry is correct (tlyu) and that the ASN.1 module compiles (jimsch). The chairs asked whether anyone was planning to implement it or had already done so, and got multiple positive responses.

  - Sam Hartman asked about the status of the DHCPv6 option draft. The author of that document, Shoichi Sakane, indicated he hasn't had time to work on it recently because he has been dealing with comments on the cross-realm problem statement draft, but will get to it shortly after IETF.

  - Sam also asked about the status of anonymous, particularly with respect to Love's proposal for a simpler way to ensure that, in an anonymous PKINIT transaction, both the client and the KDC have contributed to the TGS session key.

* Discussed two documents in last call:

  - The cross-realm problem statement document received comments during IETF last call which resulted in substantial revisions. A new WGLC has been started and will run until the end of November. Shoichi Sakane indicated he has some minor edits to -05 which he will post to the list during the last call. All participants are encouraged to review and comment on the new version before the last call ends.

  - The KDC data model document has recently concluded its third WGLC, and several comments were raised. Discussion is still ongoing on several of these; a new document version is expected shortly after discussion dies down.

* Sam Hartman described a proposal for an extension to provide protected negotiation of FAST by adding a typed hole for protected data in the AS-REP. This technique was first used by Microsoft in Windows 2000 and seems to work.