PKIX WG Meeting 7/17/03
<BR>

<BR>
Edited by Steve Kent
<BR>

<BR>
Chairs: Stephen Kent &lt;kent@bbn.com&gt;, Tim Polk &lt;tim.polk@nist.gov&gt;
<BR>

<BR>
The PKIX WG met once during the 57th IETF. A total of approximately 75 individuals participated in the meeting.
<BR>

<BR>

<BR>
Agenda review and document status - Tim Polk (NIST)
<BR>
  There are about XX WG documents in various stages in the process, some of which fell through the cracks due to process glitches. [slides]
<BR>

<BR>
WG Focus and Direction - Russ Housley
<BR>
  The working group has received direction from the IESG that will limit the types of new specifications accepted as PKIX work products. Thus the WG is not accepting new work items.  New WGs will be formed, as needed, to address PKI issues, or individual drafts can be submitted and subject to IETF-wide last call if the work described in them is mature and non-controversial. [no slides]
<BR>

<BR>
Document Status Review - Tim Polk (NIST)
<BR>
      The working group has a fair number of Internet-Drafts in various stages of processing, but since the last meeting considerable progress has been made. Several IDs are in or have recently completed last call. [slides]
<BR>

<BR>

<BR>
PKIX WG Specifications
<BR>

<BR>
Simple Certificate Validation Protocol - Trevor Freeman (Microsoft)
<BR>
      The current draft of SCVP is in WG Last Call, which was extended until August 4th, to allow additional time for comment (due to overlap with the current IETF meeting). The document is believed to be in full compliance with RFC 3379. This presentation discussed changes since the previous (version 11) draft. Plan is to progress to IETF last call and IESG review very soon. [slides]
<BR>

<BR>

<BR>
RFC 3280 Progression - Tim Polk (NIST)
<BR>
        NIST is currently performing the interoperability testing for RFC 3280. This presentation updated the WG on NIST's progress, projected completion date, and issues identified to date. Primary focus is on the RFC 3280 path validation test suite developed jointly by NIST, DigitalNet, and NSA. Discussion of the problem of UTF-8 string matching, which has been addressed in the DNS context (RFC 3454), but is addressed only minimally in 3280. Plan is to stick with the current 3280 spec for progression to DRAFT, but to create a separate document to specify what CAs should do, to ensure that the simple, binary comparison will work in path building. [slides]
<BR>

<BR>
LDAP Documents: - David Chadwick (Univ of Salford) & Peter Gietz (DAASI)
<BR>
     The WG has a suite of LDAP-PKIX drafts forming a comprehensive solution for LDAP based PKI information distribution.  New drafts on PKC certificate schema, CRL schema and on Attribute Certificate schema have been published since the 56th IETF.  The authors presented the changes in these documents and discussed the timeline for document completion. Biggest issue on the table for the schema document is that Microsoft says it will not support multi-valued attributes (e.g., a terminal RDN that is a set consisting of a common name and a serial number). Direction from WG chairs is to maintain this requirement, and to discuss with MS why they believe this is not a necessary feature. Plan is to proceed to last call immediately after this IETF meeting. Still have to deal with the "; binary" issue for transfer of LDAP data. [slides]
<BR>

<BR>
Qualified Certificates  - Stefan Santesson (Microsoft)
<BR>
      This presentation proposed a path for the evolution of the QC document. The intent is to relax some current QC profile constraints (e.g., re setting the NR bit), consistent with activities within ETSI, which uses this document as a basis for EU standards with regard to qualified certificates. Also need to bring this RFC into alignment with RFC 3280. [slides]
<BR>

<BR>
Certification Path Building  - Matt Cooper (Orion Security)
<BR>
      This document, intended to become an informational RFC, was written to provide guidance and recommendations to developers building X.509 public-key certification paths within their applications, based on experience gained in several contexts. The document describes different PKI structures, considerations for forward vs. reverse path construction, tree pruning, etc. emphasis on value of disallowing repeated name/key combination in a path. Need to reword the introductory/overview text to make clear that the material presented is advisory, not mandatory, and to acknowledge that overall, we are still in early stages of gaining experience in this area. Also, if this is to be a PKIX document, then need to clarify that some of the "rules" deal with accommodation of non-complaint certificates. [slides]
<BR>

<BR>
RSA Public Key Algorithms - Jim Schaad (Soaring Hawk)
<BR>
   New member of editorial team for this document. Discussed open questions of OID use (encryption vs. signature) and parameters use. New draft will be issued soon. [no slides]
<BR>

<BR>

<BR>
Related Specifications
<BR>

<BR>
The following personal drafts address topics of interest to the PKIX WG, and are presented to highlight the availability of the drafts and encourage input from the WG.
<BR>

<BR>
Russian Cryptographic Algorithms for PKIX - Grigory Chudov (Crypto-Pro)
<BR>
        This personal draft documents the use of Russian national cryptography standards (GOST) in the PKIX context. It was developed within the "Russian Cryptographic Software Compatibility Agreement", and signed by major Russian cryptographic software vendors. This agreement specifies parameters not nailed down in basic Russian Government standards. [slides]
<BR>

<BR>
Memorandum for multi-domain PKI Interoperability - Masaki SHIMAOKA (SECOM)
<BR>
    This personal draft documents known issues and considerations for multi-domain PKI, and provides guidelines for multi-domain PKI interoperability as a best current practice. The scope of this specification is the establishment of trust relationships and interoperability among multiple PKI domains. This specification is a follow on to the JNSA Challenge PKI 2002 and Multi-Domain PKI Test Suite. [slides]
<BR>

<BR>

<BR>
Liaison/Related Projects
<BR>

<BR>
The following specifications will update the WG on related EU activities.
<BR>

<BR>
European Open Standards for Electronic Signatures: the EESSI - Riccardo Genghini, EESSI Chair (SG&A)
<BR>
        The European Electronic Signature Standardization Initiative (EESSI) is an industry initiative in Support of the European Directive on Electronic Signatures. This presentation described the status of the ESESI's current and recent work, which has just been published. This presentation was an update to the status report provided at the 56th IETF. [slides]
<BR>

<BR>
OpenEvidence Project - Peter Sylvester (EdelWeb)
<BR>
    The EU IST project OpenEvidence is an Open source project concerning technologies for establishing the long term validity (integrity, time of posting, Š) of documents. The presentation addressed the goals and the current status of the implementations. Plan to update RFCs 3161 and 3029 to reflect additional experience gained in this project. [slides]
<BR>