2.6.6 Public-Key Infrastructure (X.509) (pkix)

NOTE: This charter is a snapshot of the 47th IETF Meeting in Adelaide, Australia. It may now be out-of-date. Last Modified: 03-Feb-00

Chair(s):

Stephen Kent <kent@bbn.com>
Warwick Ford <wford@verisign.com>

Security Area Director(s):

Jeffrey Schiller <jis@mit.edu>
Marcus Leech <mleech@nortelnetworks.com>

Security Area Advisor:

Jeffrey Schiller <jis@mit.edu>

Mailing Lists:

General Discussion:ietf-pkix@imc.org
To Subscribe: ietf-pkix-request@imc.org
In Body: subscribe
Archive: http://www.imc.org/ietf-pkix

Description of Working Group:

The PKIX Working Group was established in the Fall of 1995 with the intent of developing Internet standards needed to support an X.509-based PKI. Several informational and standards track documents in support of the original goals of the WG have been approved by the IESG. The first of these standards, RFC 2459, profiles the X.509 version 3 certificates and version 2 CRLs for use in the Internet. The Certificate Management Protocol (CMP) (RFC 2510), the Online Certificate Status Protocol (OCSP) (RFC 2560), and the Certificate Management Request Format (CRMF) (RFC 2511) have been approved, as have profiles for the use of LDAP v2 for certificate and CRL storage (RFC 2587) and the use of FTP and HTTP for transport of PKI operations (RFC 2585). RFC 2527, an informational RFC on guidelines for certificate policies and practices, also has been published, and the IESG has approved publication of an informational RFC on use of KEA (RFC 2528) and is expected to do the same for ECDSA. Work continues on a second certificate management protocol, CMC, closely aligned with the PKCS publications and with the cryptographic message syntax (CMS) developed for S/MIME. A roadmap, providing a guide to the growing set of PKIX documents, is also being developed as an informational RFC.

The working group is now embarking on additional standards work to develop protocols that are either integral to PKI management, or that are otherwise closely related to PKI use. Work is ongoing on alternative certificate revocation methods. There is also work defining conventions for certificate name forms and extension usage for "qualified certificates," certificates designed for use in (legally binding) non-repudiation contexts. Finally, work is underway on protocols for time stamping and data certification. These protocols are designed primarily to support non-repudiation, making use of certificates and CRLs, and are so tightly bound to PKI use that they warrant coverage under this working group.

Additional work will be initiated on a profile for X.509 attribute certificates, resulting in a new RFC and, perhaps, in extensions to existing certificate management standards to accommodate differences between attribute certificates and public-key certificates.

Goals and Milestones:

Sep 99   Update RFC 2459, in anticipation of progression from PROPOSED to DRAFT
Sep 99   Complete approval of CMC, and qualified certificates documents
Dec 99   Update March/April RFCs, for progress from PROPOSED to DRAFT
Dec 99   Complete time stamping document
Dec 99   Continue attribute certificate profile work
Dec 99   Complete data certification document
Mar 00   Complete work on attribute certificate profile

Internet-Drafts:

Request For Comments:

RFC       Status   Title
RFC2459   PS       Internet X.509 Public Key Infrastructure Certificate and CRL Profile
RFC2510   PS       Internet X.509 Public Key Infrastructure Certificate Management Protocols
RFC2511   PS       Internet X.509 Certificate Request Message Format
RFC2527            Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework
RFC2528            Internet X.509 Public Key Infrastructure Representation of Key Exchange Algorithm (KEA) Keys in Internet X.509 Public Key Infrastructure Certificates
RFC2559   PS       Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2
RFC2585   PS       Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP
RFC2587   PS       Internet X.509 Public Key Infrastructure LDAPv2 Schema
RFC2560   PS       X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP

Current Meeting Report

None received.

Slides

None received.