Technical Working Group Plenary Summary
June 2001
Andrew Nash, Steve Lloyd

TWG Success – Again!
In Progress:
  • 3 Major Interoperability Projects
  • 4 White Papers
  • 3 Implementation Guidelines
Complete:
  • 3 Major Interoperability Projects
  • 2 White Papers
But no Mark Davis – sniff!
** Customers include consultants

Fine Tuning
• Implementation guidelines
  • Represent agreements amongst vendors at PKI Forum
  • Need definition of purpose & form
• Meetings are well run, but participation between meetings is lacking
• Not enough comment on drafts distributed on mailing lists
• Intervening virtual meetings could be held
• Record meetings for later webcast
• Customer BOF to air issues

Path Construction White Paper
Steve Lloyd
• Stephen Farrell of Baltimore & Steve Lloyd of Entrust are project leaders
• Steve Lloyd focusing on LDAP/repository
• David Cross (Microsoft) focusing on web based access
• Some problem areas now resolved by standards bodies:
  • LDAP
  • Forward/backward link terminology
• Discussed abstract
• Paper will not dictate path construction algorithm to vendors
• White paper followed by implementation guideline
• LDAP requirements to be communicated to LDAP white paper authors

CESG
Richard Lampard
• 10 vendors demonstrated S/MIMEv3 signed email communication in Feb 2001
• Multilateral demo with heterogeneous CA hierarchy
• PKI Issues
  • Directory schema usage
  • Revocation based on CRLs – 50% of email clients did not handle revocation checking
  • OID usage

CESG Phase II
• Kickoff meeting held on 14 Jun 2001
• Balancing UK Govt standards & market realities
• S/MIMEv3, as per UK Govt standard
• Both DSA & RSA algorithms
• Open source reference implementation being sought
• More focus on cert profiles in this phase
• Plan to showcase demo at Information Security show in Apr 2002
• Plan to integrate with the EEMA PKI Challenge
• New participants still welcome

Application Certificate Usage
David Crowe
• Results submission procedure proposal was approved
• Open issues:
  • Should results be published publicly or for members only?
  • Should results be printed (or published on web site only)?
• David Crowe assumes a background role
• Microsoft is planning to submit some results soon
• Tony Rogers (of CA) is setting up cert repository
  • Reside on PKI Forum web site
  • Received certs from Microsoft & CA

SKID Implementation Guideline
Steve Lloyd
• First implementation guideline reviewed
• AKIDs & SKIDs can be calculated in multiple ways
• Recommendation is that requesting CA provide its SKID to the foreign CA in the cross-certificate request
• Unanimous agreement!!!
• But, are we getting too close to setting standards?

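An added example, not part of the original slides, of why the SKID recommendation matters: two CAs that derive key identifiers differently produce a cross-certificate that no longer links by key identifier to certificates the requesting CA has issued. It assumes the two derivations described in RFC 5280 section 4.2.1.2; the key bytes, CA names and dictionary "certificates" are constructed for illustration.

```python
import hashlib

# Constructed stand-in for the contents of CA-A's subjectPublicKey BIT STRING.
CA_A_KEY = bytes.fromhex("3082010a0282010100") + bytes(range(256)) + bytes.fromhex("0203010001")

def skid_method1(spk: bytes) -> bytes:
    """Method 1: the full 160-bit SHA-1 hash of the subjectPublicKey value."""
    return hashlib.sha1(spk).digest()

def skid_method2(spk: bytes) -> bytes:
    """Method 2: type nibble 0100 followed by the low 60 bits of the SHA-1 hash."""
    tail = bytearray(hashlib.sha1(spk).digest()[-8:])  # least significant 64 bits
    tail[0] = 0x40 | (tail[0] & 0x0F)                  # overwrite the top 4 bits with 0100
    return bytes(tail)

def issue_cross_cert(request: dict, issuer_method) -> dict:
    """Foreign CA (CA-B) issues a cross-certificate for the requesting CA.

    If the request carries the requester's own SKID, copy it verbatim;
    otherwise fall back to the issuer's local derivation.
    """
    skid = request.get("subject_key_id") or issuer_method(request["public_key"])
    return {"issuer": "CA-B", "subject": request["subject"], "skid": skid}

def links_by_key_id(child: dict, parent: dict) -> bool:
    """Key-identifier match used by path builders to select issuer candidates."""
    return child["akid"] == parent["skid"]

def demo():
    # CA-A uses method 1, so every certificate it issues carries this AKID.
    ee_cert = {"issuer": "CA-A", "subject": "alice", "akid": skid_method1(CA_A_KEY)}
    bare_request = {"subject": "CA-A", "public_key": CA_A_KEY}
    request_with_skid = dict(bare_request, subject_key_id=skid_method1(CA_A_KEY))
    # CA-B happens to use method 2 for its own derivations.
    mismatched = issue_cross_cert(bare_request, skid_method2)
    aligned = issue_cross_cert(request_with_skid, skid_method2)
    return links_by_key_id(ee_cert, mismatched), links_by_key_id(ee_cert, aligned)

if __name__ == "__main__":
    print(demo())
```
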
User & CA Cert Implementation Guidelines
Richard Lampard
• Draft papers issued on 30 May 2001
• The guidelines focus mainly on cert profiles
• Action plan:
  • Issue revisions reflecting comments already received
  • Vendors to get Engineering concurrence 6 weeks later
• CRL implementation guidelines planned

CMP Project Update
Steve Lloyd
• Steve provided a synopsis of the project, for Bob Moskowitz, for the benefit of new attendees
• The project has completed its 1st phase, & is planning 2nd phase
• Lessons learned (from 1st phase) being written up

TeleTrust European Bridge CA
Holger Reif
• Hub architecture defined
• Trusted root CAs are maintained in a trust list
• Three means of implementing inter-domain trust were discussed
• Publication & retrieval of revocation status were discussed
• Revocation information maintained by members rather than Bridge
• Used PKI Forum CA-CA Interoperability paper as basis for trust model
• Focused on e-mail apps initially
• Multiple CA and 3rd party product vendors
• Interoperability testing taking place

PKI Challenge (pkiC) Update
Frank Jorissen
• MOU between EEMA & PKI Forum now in force
• Liaison also exists between EEMA & CESG
• ECAF Model part 2 initiated, will focus on PKA (public key applications)
• pkiC is vendor led
• Mission is to achieve “PKI as an open operating system” for various PKAs
• Focusing on stable & commercially stable standards
• Two groups involved in project:
  • Project Consortium: companies planning & running pkiC
  • Testing participants: companies involved in testing

pkiC WP2 Update
• Although directories will be involved, directory interoperability is not the focus of pkiC
• Testing against reference implementation (in development)
• PKA Interoperability
  • S/MIME signed & encrypted email (essential)
  • Secure documents, signed web objects, secure time stamping, applications using qualified certificates (under consideration)

pkiC WP2 Update
• PKI interoperability
  • CA certification with 3-level hierarchy (essential)
  • Certification by file exchange (essential)
  • Remote enrollment (under consideration)
  • Smart cards (under consideration)
  • IETF/EESSI qualified certificates (under consideration)
  • CA/RA interoperability (under consideration)
• Directory & validation services
  • LDAP (essential)
  • Directory schema & naming conventions (essential)
  • (others under consideration)

Token Interoperability/Portability
Andrew Nash
• Draft white paper distributed
• TWG review
  • Structural suggestions and review comments provided
• WP approval targeted at September meeting

Wireless Certificates
Oliver Pfaff
• 2 approaches to delivery of Internet to wireless devices:
  • NTT DoCoMo (HTML proxy-based)
  • WAP (WAP gateway-based)
• Wireless PKI (WPKI) developed through WAP Security Group (WSG), has specs:
  • WTLS cert
  • WAPCert
  • WPKI definition
• Very large consumer PKI domains anticipated for wireless devices
• Deployment could be held back if multiple infrastructures
• WAP on current generation GSM devices unpopular, due to high cost & low bandwidth

Technical Working Group
Technically Innovative Leadership