[saag] PKIX report

Stephen Kent <kent@bbn.com> Tue, 24 March 2009 20:26 UTC


PKIX Meeting report

We have one document in the RFC editor's queue and twelve I-Ds in process.

PRQP, targeted to Experimental status, will be revised one more time, 
and then move to WGLC.

Traceable Autonomous Certificates, also targeted to Experimental 
status, has been revised in response to numerous comments from David 
Cooper. It will be posted and hopefully move to WGLC next month.

The Trust Anchor management requirements document passed WGLC. The 
format for TA material and the TAMP spec are both ready for WGLC.

An initial OCSP algorithm agility I-D defines the default behavior 
for a client, and proposes additional client behavior rules to deal 
with one algorithm mismatch problem. However, SHA-1 is hardwired into 
the spec and this needs to be addressed, if only for perception 
reasons. Providing true algorithm agility here may require a more 
innovative approach, e.g., use of different port or protocol values.

RFC 3161 (Time Stamp Protocol) will be updated to address a hash 
agility concern and to address terminology issues (to be compatible 
with ETSI documents).

David Cooper is assembling data to support advancement of RFC 5280 
to Proposed status.

The new ASN.1 draft has been revised and is ready for WGLC, in 
parallel with a straw poll to determine whether the document should 
be Informational or Standards track.

The I-D that provides OIDs for use with DSA and ECDSA will progress 
to WGLC, despite its dependence on a FIPS (186-3) that has yet to be 
issued.

The meeting concluded with a presentation by Stefan Santesson on a 
proposal to include a PDF as a next generation logotype capability. 
The goal is to do a better job of conveying the identity of a 
certificate holder to a (human) relying party, compared to display 
of certificate contents, etc.