draft meeting minutes

Stephen Kent <kent@bbn.com> Fri, 11 March 2005 20:06 UTC

Date: Fri, 11 Mar 2005 10:15:52 -0500
To: ietf-pkix@imc.org
From: Stephen Kent <kent@bbn.com>
Subject: draft meeting minutes

Folks,

Here is the first draft of the meeting minutes. Please get 
comments/corrections to me by 3/21.

Thanks,

Steve
------

PKIX WG Meeting 3/8/05

Edited by Steve Kent

Chairs: Stephen Kent <kent@bbn.com> & Tim Polk <tim.polk@nist.gov>

The PKIX WG met once during the 62nd IETF. A total of approximately 
45 individuals participated in the meeting.


Document status - Tim Polk (NIST)
	Five documents in RFC Editor's queue. One document just 
approved by IESG, several more in the IESG queue for review & 
approval. Several documents stalled.


PKIX WG Document Presentations

Simple Certificate Validation Protocol (SCVP) - David Cooper (NIST)
	Significant progress has been made towards rough consensus 
through the two drafts submitted since the last meeting. These drafts 
have been submitted with significant enhancements. At this stage 
(rev 18) the editors are trying to determine if the remaining 
comments suggesting changes have wide support and thus need to be 
accommodated. David noted some confusion re the semantics of the 
default validation policy part of the spec, which needs to be 
discussed on the list to resolve some ambiguities. Several "sense of 
the room" polls were taken, but the questions will be brought to the 
list for resolution.

3280bis - David Cooper (NIST)
	A design team met in January to develop a -00 draft from an 
issues list compiled from PKIX mail messages and mail to the RFC 3280 
editors.  Draft -00 incorporates a number of clarifications and small 
changes designed to align with ISO and remove ambiguities, and a new 
section on comparing internationalized names. See the next 
presentation for details on internationalization of names. A question 
was raised as to whether this document should be used by an 
application to guide name matching rules, if the application makes 
use of a name from a certificate to make an access control decision 
or analogous determination. To first order, this document addresses 
matching rules only for name comparisons relative to path validation, 
e.g., for certificate chaining and for applications of name 
constraints.

UTF8String Deployment and Migration - Akira Kanaoka (Secom/JNSA PKI 
Challenge Project)
       This presentation reported on feedback received from a 
questionnaire on UTF8String deployment in Asia, i.e., to determine 
the extent to which CAs in Asia followed the RFC 3280 guidance on 
this topic, guidance that was rescinded in 3280bis! The survey was 
sent to Asia PKI Forum members in 9 countries, but got replies from 
11 CAs in only 3 countries. All of the CAs that replied were 
government-funded, not private CAs. Responses indicate that most CAs 
use UTF8 when they need to represent names in other than their local 
character set. Another survey looked at MS Windows root certificate 
stores, as a measure of commercial CA migration, and here none of the 
root CAs had UTF8 encodings! Given the commercial CA situation, need 
a migration plan. Suggestion is to create an individual submission, 
Informational RFC to describe whatever migration strategy is 
developed, test cases, etc.

CRL Signer Certificates and AIA - Stefan Santesson (Microsoft)
	Draft -00 of this new PKIX document was published after the 
last meeting. There has been moderate discussion on the list about 
this draft. About 5 major issues were identified. Responses have been 
proposed for each issue and, where appropriate, will be reflected in 
the next draft. One issue (choice of recommended referral methods) 
still remains, and will be addressed on the list.

Update on CRMF, CMC documents - Jim Schaad (Soaring Hawk)
       This presentation reviewed the state of several related drafts 
and highlighted the controversies that remain. CRMF was forwarded to 
the RFC editor a bit earlier than Jim had anticipated. Two OID 
assignments need to be changed, and the plan is to use the 48-hour 
author's review period to make these changes, after confirmation on 
the WG list. CMC-based and transport documents are ready, will go out 
soon. CMC compliance document will go out very soon. CMC archive has 
one issue to be resolved, dealing with packaging of multiple keys 
retrieved from an escrow agent. Nonetheless, this document also will 
be republished and ready for last call very shortly.

Related Specifications & Liaison Presentations

LDAP schema definitions - Kurt Zeilenga (OpenLDAP)
	The author of this individual submission has requested that 
the WG review and comment upon this draft.  He intends to make a 
decision by the end of IETF#62 whether to recommend this revision for 
IESG consideration as a Proposed Standard. This document is intended 
to be published at the same time as the revised LDAP TS being 
developed by the LDAPBIS WG.

OCSP Data Interchange Format - John Hines (Tumbleweed)
       The presenter will be submitting an individual draft defining a 
data interchange format for OCSP servers. The presentation described 
the problems that inspired this draft and invites WG participation, 
even though the document will not be a PKIX document. The goal is to 
eventually make this a standard, and Russ Housley explained the 
procedure for doing this via the individual submission path.