draft meeting minutes for review & comment by 8-20
Stephen Kent <kent@bbn.com> Wed, 04 August 2004 19:14 UTC
PKIX WG Meeting 8-4-04

Edited by Steve Kent

Chairs: Stephen Kent <kent@bbn.com> & Tim Polk <tim.polk@nist.gov>

The PKIX WG met once during the 60th IETF. A total of approximately 73 individuals participated in the meeting.

WG Status and Direction

Document Status Review [Tim Polk (NIST)]

The working group has a number of Internet-Drafts. Many documents are with the ADs or in various stages of WG Last Call. Several others are ready for Last Call. Also, the working group milestones have been out of date, although several were recently updated. An additional pass to revise the milestones will be made by the WG chairs, and the results posted to the WG home page. (slides)

PKIX WG Specifications

LDAP Specifications

PKIX has a number of LDAP-based specifications supporting publication and distribution of certificates and CRLs.

LDAP Schemas, String Values, etc. - David Chadwick (U. of Salford)
draft-ietf-pkix-ldap-crl-schema-02.txt
draft-ietf-pkix-ldap-ac-schema-01.txt

The WG has a suite of LDAP-PKIX drafts forming a comprehensive solution for LDAP based PKI information distribution. New drafts of two I-Ds have been submitted since IETF 59 and additional drafts will be published soon after this meeting. Documents will be Informational, WG submissions, having previously been individual submissions. A late September WG last call is planned, to accommodate the author's schedule. (slides)

Practical Considerations for Use of LDAP in PKIX - Kurt Zeilenga (LDAPbis WG co-chair)

Practical considerations must be considered to maximize the utility and interoperability of LDAP-based PKIs. This presentation discussed known issues and (where applicable) ways to address them. Highlights include ";binary" support. Goal is to complete this work (3 documents) via staged WG last calls in late August, September, and October, so that all 3 are done before D.C. IETF meeting. (slides)

Matching Text Strings in PKIX Certificates - Paul Hoffman (IMC) & Steve Hanna (Sun->Funky)
draft-hoffman-pkix-stringmatch-00.txt

This specification describes the use of (LDAP) Stringprep to support comparison and matching of international text strings. This document resolves an open issue from RFC 3280, where the minimum requirements for name comparison were specified as binary matching. Since the publication of RFC 3280, the Stringprep specification has been completed, providing a solid basis for comparison and matching of text strings in PKIX certificates. Target is a standards track document as a PKIX WG item, to be referenced from 3280bis. X.500 provides per-attribute matching rules, and is being updated to use Stringprep, so the emphasis in PKIX should be on alternative name matching. Target is to identify, and resolve, issues by the next IETF meeting. (slides)

RFC 3280 Progression - Tim Polk (NIST)

NIST will present the current plan and milestones for progression of RFC 3280 to Draft Standard. Russ identified a problem for 3280bis, related to international string matching, i.e., 3280 punted on the topic of wildcard matching, and so 3280bis needs to address this issue, in the Stringprep context. (slides)

Subject Identification Method - Tim Polk (NIST) for Jongwook Park (KISA)
draft-ietf-pkix-sim-03.txt

A new draft of the Subject Identification Method has been submitted since IETF 59. The document is relatively stable and mature. WG Last Call is expected very soon for the next (final?) draft of this document. (slides)

SCVP Progression - Tim Polk (NIST) for Trevor Freeman (Microsoft)
draft-ietf-pkix-scvp-15.txt

This document has been in WG Last Call since early 2004. Completion of WG Last Call was blocked by newly identified implementation requirements for unsigned messages to support DPD. Early proposals did not satisfy RFC 3739, and were rejected. A new draft has been submitted since IETF 59 implementing unsigned messages while satisfying RFC 3379 and the implementation requirements. It seems likely that additional revisions will be needed before the document is finished, given last call comments. Target is to be done before D.C. meeting. (slides)

OCSPv1 Progression to DRAFT - Mike Myers (Traceroute)

Need to resolve an ambiguity in the text, re nonces, to clarify this in a fashion that accommodates existing implementation practice. Should be a 1 paragraph change and allow the document to proceed to DRAFT quickly. (no slides)

Related Specifications & Liaison Presentations

Specification of OCSP in IKEv2 - Mike Myers (TraceRoute)
draft-myers-ipsec-ikev2-oscp-00.txt

This is an IPsec topic that uses a PKIX protocol. The presentation described issues with the specification of OCSP in IKEv2, to provide an alternative to sending CRLs via IKE. Motivations are to avoid fragmentation concerns in IKE, and because it might be hard to gain access to an OCSP server w/o secure access (a chicken & egg problem). An individual submission; not a PKIX document. (slides)

User Interface Requirement for the Internet X.509 Public Key Infrastructure - Jaehoo Yoon (KISA)
draft-choi-pkix-ui-00.txt

This document proposes basic requirements for a user interface for PKI client software, with an emphasis on usability and smart card support. Requirements addressed by the document include root CA certificate management, certificate sharing among applications, local storage, etc. Targeted to be an informational document for system designers. An individual (not PKIX) submission. (slides)