NOTE: This charter is accurate as of the 37th IETF Meeting in San Jose. It
may now be out-of-date. (Consider this a "snapshot" of the working
group from that meeting.) Up-to-date charters for all active working
groups can be found elsewhere in this Web server.
- Steve Kent <firstname.lastname@example.org>
- Warwick Ford <email@example.com>
Security Area Director(s):
- Jeffrey Schiller <firstname.lastname@example.org>
Mailing List Information
- General Discussion:email@example.com
- To Subscribe: firstname.lastname@example.org
- In Body: subscribe <email address> ietf-pkix
- Archive: ftp://ftp.tandem.com/ietf/mailing-lists/current
Description of Working Group
Many Internet protocols and applications which use the Internet employ
public-key technology for security purposes and require a public-key
infrastructure (PKI) to securely manage public keys for
widely-distributed users or systems. The X.509 standard constitutes a
widely-accepted basis for such an infrastructure, defining data formats
and procedures related to distribution of public keys via certificates
digitally signed by certification authorities (CAs). RFC 1422
specified the basis of an X.509-based PKI, targeted primarily at
satisfying the needs of Internet Privacy Enhanced Mail (PEM). Since
RFC 1422 was issued, application requirements for an Internet PKI have
broadened tremendously, and the capabilities of X.509 have advanced
with the development of standards defining the X.509 version 3
certificate and version 2 certificate revocation list (CRL).
The task of the working group will be to develop Internet standards
needed to support an X.509-based PKI. The goal of this PKI will be to
facilitate the use of X.509 certificates in multiple applications which
make use of the Internet and to promote interoperability between
different implementations choosing to make use of X.509 certificates.
The resulting PKI is intended to provide a framework which will support
a range of trust/hierarchy environments and a range of usage
environments (RFC1422 is an example of one such model).
Candidate applications to be served by this PKI include, but are not
limited to, PEM, MOSS, GSS-API mechanisms (e.g., SPKM), ipsec
protocols, Internet payment protocols, and www protocols. This project
will not preclude use of non-infrastructural public-key distribution
techniques nor of non-X.509 PKIs by such applications. Efforts will be
made to coordinate with the IETF White Pages (X.500/WHOIS++) project.
The group will focus on tailoring and profiling the features available
in the v3 X.509 certificate to best match the requirements and
characteristics of the Internet environment.
Other topics to be addressed potentially include:
o Alternatives for CA-to-CA certification links and structures,
including guidelines for constraints
o Revocation alternatives, including profiling of X.509 v2 CRL
o Certificate and CRL distribution options (X.500-based,
o Guidelines for policy definition and registration
o Administrative protocols and procedures, including certificate
generation, revocation notification, cross-certification, and
o Naming and name forms (how entities are identified, e.g., email
address, URN, DN, misc.)
o Generation of client key pairs by the PKI
Goals and Milestones
- Oct 95
- Agree on working group charter.
- Nov 95
- Complete initial strawman PKI specification.
- Dec 95
- First meeting at Dallas IETF.
- Jul 96
- Submit PKI (X.509) specification to IESG for consideration as a Proposed Standard.
No Request for Comments