[saag] PKIX report

Stephen Kent <kent@bbn.com> Wed, 29 July 2009 15:24 UTC

PKIX meeting report

About 42 individuals attended the single PKIX session at the 75th IETF.

Four PKIX documents have been approved by the IESG and are awaiting
publication. One is entering IETF last call, one is slated for a
telechat in 3 weeks, and another has just completed WG last call.
Seven other documents are in process in the WG.

The remaining two trust anchor documents will enter WGLC in a few 
weeks, and software implementing the functionality of these documents 
will be made available.

Stefan Santesson will take over as editor of RFC 4557bis (OCSP). The 
revisions will add an extension allowing a client to express 
algorithm preferences for OCSP responses, and will specify an 
algorithm for how an OCSP server selects the algorithm to use in 
signing a response.

Stefan also will act as editor for the update for RFC 3161 (Time 
Stamping). This RFC will have a minor change made to accommodate 
ESSv2 cert IDs, to allow use of hash algorithms other than SHA-1. 
This is consistent with our algorithm agility mandate, and will 
harmonize this RFC with existing ETSI efforts.

Stefan, completing a hat trick, discussed his I-D on linking images
to certs. The intent is to extend RFC 3709 (Logotypes) to allow
additional image formats for scalable graphic representation.

The meeting concluded with two non-WG presentations. One, by Stefan,
discussed an ongoing technical effort in the EU to reduce ambiguity
of distinguished names in X.509 certs. The plan is to use metadata to
provide a guide to interpreting DN attributes on a per-CA basis.
Steve presented a proposal for relying party management of trust
anchors, focusing on the RPKI requirement for such a capability.