2.6.8 Public-Key Infrastructure (X.509) (pkix)

NOTE: This charter is a snapshot of the 58th IETF Meeting in Minneapolis, Minnesota USA. It may now be out-of-date.

Last Modified: 2003-09-10

Stephen Kent <kent@bbn.com>
Tim Polk <wpolk@nist.gov>
Security Area Director(s):
Russell Housley <housley@vigilsec.com>
Steven Bellovin <smb@research.att.com>
Security Area Advisor:
Russell Housley <housley@vigilsec.com>
Mailing Lists:
General Discussion: ietf-pkix@imc.org
To Subscribe: ietf-pkix-request@imc.org
In Body: subscribe (In Body)
Archive: http://www.imc.org/ietf-pkix
Description of Working Group:
The PKIX Working Group was established in the Fall of 1995 with the intent of developing Internet standards needed to support an X.509-based PKI. The scope of PKIX work has expanded beyond this initial goal. PKIX not only profiles ITU PKI standards, but also develops new standards apropos to the use of X.509-based PKIs in the Internet.

PKIX has produced several informational and standards track documents in support of the original and revised scope of the WG. The first of these standards, RFC 2459, profiled X.509 version 3 certificates and version 2 CRLs for use in the Internet. Profiles for the use of Attribute Certificates (RFC XXXX [pending]), LDAP v2 for certificate and CRL storage (RFC 2587), the Internet X.509 Public Key Infrastructure Qualified Certificates Profile (RFC 3039), and the Internet X.509 Public Key Infrastructure Certificate Policy and certification Practices Framework (RFC 2527 - Informational) are in line with the initial scope.

The Certificate Management Protocol (CMP) (RFC 2510), the Online Certificate Status Protocol (OCSP) (RFC 2560), Certificate Management Request Format (CRMF) (RFC 2511), Time-Stamp Protocol (RFC 3161), Certificate Management Messages over CMS (RFC 2797), Internet X.509 Public Key Infrastructure Time Stamp Protocols (RFC 3161), and the use of FTP and HTTP for transport of PKI operations (RFC 2585) are representative of the expanded scope of PKIX, as these are new protocols developed in the working group, not profiles of ITU PKI standards.

A roadmap, providing a guide to the growing set of PKIX document, also has been developed as an informational RFC.

Ongoing PKIX Work items

An ongoing PKIX task is the progression of existing, standards track RFCs from PROPOSED to DRAFT. Also, to the extent that PKIX work relates to protocols from other areas, e.g., LDAP, it is necessary to track the evolution of the other protocols and produce updated RFCs. For example, the LDAP v2 documents from PKIX are evolving to address LDAP v3. Finally, since the profiling of X.509 standards for use in the Internet remains a major focus, the WG will continue to track the evolution of these standards and incorporate changes and additions as appropriate.

New Work items for PKIX

- production of a requirements RFC for delegated path discovery and path validation protocols (DPD/DPV) and subsequent production of RFCs for protocols that satisfy the requirements

- development of a logotype extension for certificates

- development of a proxy certificate extension and associated processing rules

- development of an informational document on PKI disaster recovery

These work items may become standards track, INFORMATIONAL or EXPERIMENTAL RFCs, or may not even be published as RFCs.

Other deliverables may be agreed upon as extensions are proposed. New deliverables must be approved by the Security Area Directors before inclusion on the charter or IETF meeting agendas.

Goals and Milestones:
Done  Complete approval of CMC, and qualified certificates documents
Done  Complete time stamping document
Done  Continue attribute certificate profile work
Done  Complete data certification document
Done  Complete work on attribute certificate profile
Done  Standard RFCs for public key and attribute certificate profiles, CMP, OCSP, CMC, CRMF, TSP, Qualified Certificates, LDAP v2 schema, use of FTP/HTTP, Diffie-Hellman POP
Done  INFORMATIONAL RFCs for X.509 PKI policies and practices, use of KEA
Done  Experimental RFC for Data Validation and Certification Server Protocols
Done  Production of revised certificate and CRL syntax and processing RFC (son-of-2459)
Done  DPD/DVP Requirements RFC
Sep 03  Certificate Policy & CPS Informational RFC (revision)
Oct 03  Progression of CRMF, CMP, and CMP Transport to DRAFT Standard
Oct 03  Logotype Extension RFC
Oct 03  Proxy Certificate RFC
Nov 03  SCVP proposed Standard RFC
Dec 03  Progression of CMC RFCs to DRAFT Standard
Mar 04  Progression of Qualified Certificates Profile RFC to DRAFT Standard
Mar 04  Progression of Certificate & CRL Profile RFC to DRAFT Standard
Mar 04  Progression of Time Stamp Protocols RFC to DRAFT Standard
Mar 04  Progression of Logotype RFC to DRAFT Standard
Jun 04  Progression of Proxy Certificate RFC to DRAFT Standard
Jun 04  Progression of SCVP to Draft Standard
Jun 04  Progression of Attribute Certificate Profile RFC to DRAFT standard
  • - draft-ietf-pkix-roadmap-09.txt
  • - draft-ietf-pkix-scvp-13.txt
  • - draft-ietf-pkix-rfc2510bis-08.txt
  • - draft-ietf-pkix-pi-07.txt
  • - draft-ietf-pkix-pkixrep-02.txt
  • - draft-ietf-pkix-rfc2511bis-06.txt
  • - draft-ietf-pkix-proxy-08.txt
  • - draft-ietf-pkix-logotypes-12.txt
  • - draft-ietf-pkix-x509-ipaddr-as-extn-03.txt
  • - draft-ietf-pkix-warranty-extn-03.txt
  • - draft-ietf-pkix-dnstrings-02.txt
  • - draft-ietf-pkix-wlan-extns-04.txt
  • - draft-ietf-pkix-sim-01.txt
  • - draft-ietf-pkix-rsa-pkalgs-00.txt
  • - draft-ietf-pkix-ecc-nist-recommended-curves-00.txt
  • - draft-ietf-pkix-ocsp-dpvdpd-00.txt
  • - draft-ietf-pkix-ldap-crl-schema-01.txt
  • - draft-ietf-pkix-ldap-ac-schema-00.txt
  • - draft-ietf-pkix-tap-00.txt
  • - draft-ietf-pkix-sonof3039-02.txt
  • - draft-ietf-pkix-certpathbuild-01.txt
  • - draft-ietf-pkix-sca-00.txt
  • Request For Comments:
    RFC2459 PS Internet X.509 Public Key Infrastructure Certificate and CRL Profile
    RFC2510 PS Internet X.509 Public Key Infrastructure Certificate Management Protocols
    RFC2511 PS Internet X.509 Certificate Request Message Format
    RFC2527 I Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework
    RFC2528 I Internet X.509 Public Key Infrastructure Representation of Key Exchange Algorithm (KEA) Keys in Internet X.509 Public Key Infrastructure Certificates
    RFC2559 PS Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2
    RFC2585 PS Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP
    RFC2587 PS Internet X.509 Public Key Infrastructure LDAPv2 Schema
    RFC2560 PS X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
    RFC2797 PS Certificate Management Messages over CMS
    RFC2875 PS Diffie-Hellman Proof-of-Possession Algorithms
    RFC3039 PS Internet X.509 Public Key Infrastructure Qualified Certificates Profile
    RFC3029 E Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols
    RFC3161 PS Internet X.509 Public Key Infrastructure Time Stamp Protocols (TSP)
    RFC3279 PS Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and CRI Profile
    RFC3280 PS Internet X.509 Public Key Infrastructure Certificate and CRL Profile
    RFC3281 PS An Internet Attribute Certificate Profile for Authorization
    RFC3379 I Delegated Path Validation and Delegated Path Discovery Protocol Requirements
    RFC3628 I Policy Requirements for Time-Stamping Authorities
    RFC3647 I Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework

    Current Meeting Report

    ------------------PKIX WG Meeting 11/10/03
    Edited by Steve Kent
    Chairs: Stephen Kent <kent@bbn.com>, Tim Polk 
    The PKIX WG met once during the 58th IETF. A total of 
    approximately 73 individuals participated in the meeting.
    Agenda review and document status - Tim Polk (NIST) 
    There are a number of WG documents in various stages in the process. Two 
    RFcs (3628 & 3647) were issued since the last IETF meeting.  Three 
    documents (Permanent Identifiers, CMP and CRMF) will be revised based on 
    IESG comments. The Logotypes I-D has been revised in response to IESG 
    comments and should be approved soon. The Proxy Certificates and IP 
    Addresses & AS Identifiers I-Ds are in the hands of the IESG. Five 
    documents are close to emerging from the WG. SCVP is being revised to 
    reflect WG last call comments. Attribute Certificate Policies is in WG last 
    call, but there is some question re support for the document. A straw poll on 
    the document indicated about seven in favor of standards track 
    progression, and about 4 in favor of an informational RFC, and a fair 
    amount of indifference. Qualified certificates will enter WG last call 
    after the meeting. The EEC "NIST Curves" I-D and the path building I-D also 
    will be forward to the ADs by January.
    Ongoing work items include Subject Identification Method (SIM), PK 
    algorithms, LDAP specs, OCSPv2, and progression of 3279/3280. the only new 
    work item is a name comparison spec (to address international name 
    issues), an initial draft of which is slated for the Seoul meeting. 
    PKIX WG Specifications
    SIM - Jongwook Park (KISA) & Tim Polk (NIST)
    This specification is still in early stages of development.  Current 
    efforts are concentrating on formalizing security goals and 
    requirements.  The implementation details are still being revised, and in 
    some cases appear as a TBD in the current draft. Unresolved issues 
    include where to put the hash value, e.g., as an extension vs. as an 
    otherName, and some details of the two-pass hashing function. [slides]
    RFC 3039bis (Qualified Certificates) - Stefan Santesson (Microsoft)
    	The QC document is technically stable and incorporates the required 
    changes for 3280 alignment.  Minor issues remain for the ASN.1 in the 
    document; the AD has provided clear guidance for resolution. Three issues 
    raised on the list (regarding the document name, timeline for 
    progression, and its relationship to RFC 3039) were also discussed. The WG 
    chairs and the AD indicated that WG Last Call is appropriate at this time, 
    and that the new specification should obsolete RFC 3039.
    Certificate Path Building  - Peter Hesse (Gemini Security)
          This document, intended to become an informational RFC, was 
    written to provide guidance and recommendations to developers building 
    X.509 public-key certification paths within their applications, based on 
    experience gained in several contexts. The document describes 
    different PKI structures, considerations for forward vs. reverse path 
    construction, tree pruning, etc. emphasis on the value of 
    disallowing repeated name/key combination in a path. Guidance is based on 
    experience with various products, but must describe processes that are 
    consistent with PKIX RFCs. This is just an advisory document, not 
    proscriptive, and so there will be no MUSTs, SHOULDS, etc. Plan to 
    release another version of the document by the end of this month, then 
    proceed to WG last call. [slides]
    OCSPv1 problem - Mike Meyers (Traceroute)
    	OCSP has a facility in which a client may include a nonce in a 
    request, to detect and reject replays of responses. 
    Unfortunately, the RFC did not make perfectly clear that a client MUST 
    reject a response that did not include a nonce, if the client included a 
    nonce in the request. Similarly, the RFC did not make clear what a server 
    should do if it receives a request with a nonce, but is incapable of 
    generating a response containing a nonce, i.e., a server that deals only 
    with pre-signed responses. 
    	A straw poll indicated that the vast majority of clients deal with these 
    issues properly, but not all. OCSP servers that rely on caching do not 
    generate a unique response for each request, so they omit nonces.  An 
    error could be returned by a server to indicate the inability to respond 
    properly to a request with a nonce, but errors are not signed, so this does 
    not address the security concern.
    	Russ Housley, the cognizant AD made the following observation re this 
    issue. "When an OCSP Client puts a nonce in an OCSP Request, replay 
    protection is expected. Therefore, the OCSP Responder MUST include the same 
    nonce value in the OCSP Response.  If the OCSP Client receives an OCSP 
    Response that fails to include the correct nonce value, it MUST be 
    Liaison/Related Projects
    IPsec PKI Profile - Brian Korver (Xythos Software)
    	Announcement of a BOF on this topic on Thursday, 9 AM. 
    Steve Hanna (Sun) - OASIS PKI Obstacles Survey Report
    	Steve is the co-chair of the OASIS PKI technical committee. Effort is 
    trying to determine obstacles to successful PKI deployment and 
    adoption, and to recommend ways to eliminate these obstacles. Survey 
    generated 200 responses. Most significant obstacles include:
    - lack of application support
    - high costs
    - complexity, lack of understanding
    - interoperability problems
    Suggested fixes include:
    - free software
    - cookbook deployment guidance
    - path validation guidance
    - too many standards for some function, too general, not enough 
    standards for other functions
    Action plan now available for public review. [slides]
    Path Validation Conformance Tests - Tim Polk [NIST]
    	A suite of tests has been developed by NIST and several 
    contractors, designed to ensure that products implement RFC 3280 
    properly. It is an extensive suite of tests. NIST's goals are to 
    encourage vendors to submit products for testing, and for users to demand 
    products that pass the tests. Common Criteria Protection Profiles have been 
    created, based on these tests, in an effort to achieve the goal noted 
    above. These profiles should be validated and available for use by the end of 
    2003.  [slides]


    Public Key Infrastructure Using X.509 (PKIX) Working Group
    Obstacles to PKI Deployment and Usage
    Son of RFC 3039 Qualified Certificates Profile
    NIST Path Validation Protection Profiles
    Subject Identification Method
    Certificate Path Building