2.6.8 Public-Key Infrastructure (X.509) (pkix)

NOTE: This charter is a snapshot of the 51st IETF Meeting in London, England. It may now be out-of-date. Last Modified: 31-Jul-01


Chair(s):

Stephen Kent <kent@bbn.com>
Tim Polk <wpolk@nist.gov>

Security Area Director(s):

Jeffrey Schiller <jis@mit.edu>
Marcus Leech <mleech@nortelnetworks.com>

Security Area Advisor:

Jeffrey Schiller <jis@mit.edu>

Mailing Lists:

General Discussion: ietf-pkix@imc.org
To Subscribe: ietf-pkix-request@imc.org
In Body: subscribe
Archive: http://www.imc.org/ietf-pkix

Description of Working Group:

The PKIX Working Group was established in the Fall of 1995 with the intent of developing Internet standards needed to support an X.509-based PKI. Several informational and standards track documents in support of the original goals of the WG have been approved by the IESG. The first of these standards, RFC 2459, profiles the X.509 version 3 certificates and version 2 CRLs for use in the Internet. The Certificate Management Protocol (CMP) (RFC 2510), the Online Certificate Status Protocol (OCSP) (RFC 2560), and the Certificate Request Message Format (CRMF) (RFC 2511) have been approved, as have profiles for the use of LDAP v2 for certificate and CRL storage (RFC 2587) and the use of FTP and HTTP for transport of PKI operations (RFC 2585). RFC 2527, an informational RFC on guidelines for certificate policies and practices, also has been published, and the IESG has approved publication of an informational RFC on use of KEA (RFC 2528) and is expected to do the same for ECDSA. Work continues on a second certificate management protocol, CMC, closely aligned with the PKCS publications and with the cryptographic message syntax (CMS) developed for S/MIME. A roadmap, providing a guide to the growing set of PKIX documents, is also being developed as an informational RFC.

The working group is now embarking on additional standards work to develop protocols that are either integral to PKI management, or that are otherwise closely related to PKI use. Work is ongoing on alternative certificate revocation methods. There also is work defining conventions for certificate name forms and extension usage for "qualified certificates," certificates designed for use in (legally binding) non-repudiation contexts. Finally, work is underway on protocols for time stamping and data certification. These protocols are designed primarily to support non-repudiation, making use of certificates and CRLs, and are so tightly bound to PKI use that they warrant coverage under this working group.

Additional work will be initiated on a profile for X.509 attribute certificates, resulting in a new RFC and, perhaps, in extensions to existing certificate management standards to accommodate differences between attribute certificates and public-key certificates.

Goals and Milestones:

Sep 99
Update RFC 2459, in anticipation of progression from PROPOSED to DRAFT
Complete approval of CMC, and qualified certificates documents

Dec 99
Update March/April RFCs, for progress from PROPOSED to DRAFT
Complete time stamping document
Continue attribute certificate profile work
Complete data certification document
Complete work on attribute certificate profile

Request For Comments:

Internet X.509 Public Key Infrastructure Certificate and CRL Profile
Internet X.509 Public Key Infrastructure Certificate Management Protocols
Internet X.509 Certificate Request Message Format
Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework
Internet X.509 Public Key Infrastructure Representation of Key Exchange Algorithm (KEA) Keys in Internet X.509 Public Key Infrastructure Certificates
Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2
Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP
Internet X.509 Public Key Infrastructure LDAPv2 Schema
X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
Certificate Management Messages over CMS
Diffie-Hellman Proof-of-Possession Algorithms
Internet X.509 Public Key Infrastructure Qualified Certificates Profile
Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols

Current Meeting Report

PKIX WG Meeting 8/6/01
Edited by Steve Kent (WG co-chairs)

The PKIX WG met once during the 51st IETF. A total of approximately 153 individuals participated in the meeting.

Tim quickly reviewed the agenda and document status, noting that there are many I-Ds in progress. (see slides)

Two new RFCs in the editor's queue:
RFC 3161 Timestamp Protocol
RFC xxxx Attribute Certificate Profile

In the IESG Review Process:
PKIX Certificate and CRL Profile (a.k.a., son-of-2459)
Public Key Algorithms and Identifiers for the PKIX Certificate profile

Soon to be Submitted to IESG:
PKIX Roadmap
Repository Locator Service

In WG Last Call:

Close to WG last call:
Certificate Management Protocol (RFC 2510bis)
Certificate Request Message Framework (RFC 2511bis)
Transport Protocols for CMP
Online Certificate Status Protocol (OCSP v2)

New Work:

Logotype Certificates - Stefan Santesson (AddTrust)
Notion is to embed references to logos in certificates, for CAs or for EEs, to allow display of the logo as part of certificate processing. Argument is that people relate to logos in the physical world, and don't display certificate contents, so this is a way to bring branding into PKIs. Major concern is that people could be misled by certificates issued by a CA that binds inappropriate logos to certificates it issues, e.g., there is no way to constrain logo references the same way we can constrain names. Proposal is to create a new extension for carrying a pointer (URL) to the logo image, an indication of the image type, and a hash of the image. (see slides)

Supplemental Algorithms - Ari Singer (NTRU)
New work item, to contain specs for a set of algorithms that COULD be used with PKIX data structures. Support for these algorithms is not mandated, but this document will provide a reference for these supplemental algorithms. Note need to include appropriate intellectual property warnings for proprietary algorithms, and to distinguish between algorithms that are standards vs. proprietary. (see slides)

PKI Disaster Recovery - Denis Pinkas (Integris)
The goal of this new work is to create an informational RFC which addresses how to deal with compromise or loss of use of a CA, AA, or TSA key. Different requirements arise for EE signature keys vs. EE encryption keys, and these are addressed separately. (see slides)

Using DNS for PKI Support - Simon Josefsson (RSA)
ID published as a personal draft. Focuses on using DNS to hold certificates and CRLs. Works especially well for S/MIME, given typical DNS lookup re MX records. Question is whether PKIX should adopt this as a work item. Will discuss this on the list. (no slides)

Ongoing Work:

LDAP V3 Profile and Certificate Matching Rules - David Chadwick (Univ of Salford)
Profile going well, looking for feedback before publishing as RFC. Matching rules work not as far along, but implementation work now funded at Salford, which will help progress.

CMC Update - Jim Schaad (Soaring Hawk Consulting)
Core functions largely unchanged, e.g., ASN syntax and processing rules will be static. New set of CMC documents being issued, breaking into multiple pieces to allow easier progression of pieces, e.g., S/MIME makes use of CMC for symmetric key distribution, compliance document. VeriSign hosted interoperability testing covering a large number of protocol features. Several issues were uncovered during testing. (see slides)

CMP Update - Carlisle Adams (Entrust)
Interoperability testing yielded clarifications and the document is now ready to go to Draft Standard status.

Proxy Certificates - Steven Tuecke (Argonne Labs)
Revised ID has been published. Related draft in TLS WG. Not many attendees have read this draft, according to a show of hands. Because it requires changes to certificate path validation, there is a significant question about whether these changes should be part of the base standards, or if this processing is a separate step to be performed after standard path validation processing. (see slides)

OCSPv2 - Michael Myers (VeriSign)
Authors have decided to publish as experimental for now. This includes the OCSPv2 draft, the DPD with OCSP draft, and the DPV draft. (no slides)

SCVP - Ambarish Malpani (ValiCert)
There were two significant changes to the draft: only ASN.1 syntax is employed and signatures are based on the CMS format. (no slides)

DPD/DPV - Denis Pinkas (Integris)
New ID posted to list. Incorporates new approach to DPV/DPD, using 3 protocols: DPV, DPD, and a separate protocol for management of policy data used for validation or discovery. This allows the DPD and DPV protocols to be smaller and simpler, because the management of parameters used for DPD/DPV is part of a separate protocol. The management protocol might not be implemented on many clients, e.g., thin clients. References to the parameters (policy) used for validation are OIDs, and there is a provision for a client to NOT specify a policy, but have a server employ a default policy and return that to the user. Extensive use of hashes of ancillary values to keep messages brief, but allow checking by client. DPV proposal allows for validation re current time, or past time (re-validation). DPV can return four answers, reflecting level of knowledge available to the server, especially with regard to revocation data. DPD and management protocol also presented in detail. (see slides)

Policy Requirements for Timestamping Authorities - Denis Pinkas (Integris)
Discussion of this ETSI document and solicitation of comments. (see slides)


Supplemental Algorithms and Identifiers for the X.509 Public Key Infrastructure Certificate and CRL Profile
Logotypes in Certificates
Internet X.509 Public Key Infrastructure Proxy Certificate Profile
PKI Disaster Planning and Recovery