Re: [saag] PKIX report

"Hallam-Baker, Phillip" <pbaker@verisign.com> Tue, 24 March 2009 23:49 UTC

From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: Stephen Kent <kent@bbn.com>, saag@ietf.org
Subject: Re: [saag] PKIX report

I dispute the assertion that a new protocol or port # might be required for OCSP. The protocol is adequately extendable.
 
What I put in the slides was what I felt that the group had already agreed to. Since this was the first occasion where the issues had been raised, I was not proposing a solution. If it is agreed that there is a problem, there is a simple solution.

________________________________

From: saag-bounces@ietf.org on behalf of Stephen Kent
Sent: Tue 3/24/2009 4:27 PM
To: saag@ietf.org
Subject: [saag] PKIX report


PKIX Meeting report

We have one document in the RFC editor's queue and twelve I-Ds in process.

PRQP, targeted to Experimental status, will be revised one more time, and then move to WGLC.

Traceable Autonomous Certificates, also targeted to Experimental status, has been revised in response to numerous comments from David Cooper. It will be posted and hopefully move to WGLC next month.

The Trust Anchor management requirements document passed WGLC. The format for TA material and the TAMP spec are both ready for WGLC.

An initial OCSP algorithm agility I-D defines the default behavior for a client, and proposes additional client behavior rules to deal with one algorithm mismatch problem. However, SHA-1 is hardwired into the spec and this needs to be addressed, if only for perception reasons. Providing true algorithm agility here may require a more innovative approach, e.g., use of different port or protocol values.

RFC 3161 (Time Stamp Protocol) will be updated to address a hash agility concern and to address terminology issues (to be compatible with ETSI documents).

David Cooper is assembling data to support advancement of RFC 5280 to Proposed status.

The new ASN.1 draft has been revised and is ready for WGLC, in parallel with a straw poll to determine whether the document should be Informational or Standards track.

The I-D that provides OIDs for use with DSA and ECDSA will progress to WGLC, despite its dependence on a FIPS (186-3) that has yet to be issued.

The meeting concluded with a presentation by Stefan Santesson on a proposal to include a PDF as a next generation logotype capability. The goal is to do a better job of conveying the identity of a certificate holder to a (human) relying party, compared to display of certificate contents, etc.