*Action Items*
(new)
[AI] Jim and Eric will research how multiple policy OIDs work.
[AI] Jim will send the list an explanation of LionShare's goals in asking for
a USHER policy requirement, for discussion on the June 15 call.
[AI] Jim will remove WonderCrypt from the list at http://middleware.internet2.edu/hepki-tag/new/signing.html.
[AI] Eric will call Mozilla's attention to the fact that they don't support
the standards needed to recognize trust anchors on tokens, and nudge them to
do something about it.
[AI] Eric will continue seeking feedback on his Top 10 lists, especially from
HCISec.
(from previous calls)
[AI] Jim will get an OID for PKI Lite from MACE.
[AI] Mark will ask Jed Dobson for more information on OSG.
[AI] David will look at some of the products listed at http://middleware.internet2.edu/hepki-tag/new/signing.html
in the light of the list of questions there.
[AI] Neal will continue looking at OpenOffice, and Jim will look at eLock.
[AI] Jim will send the list more information on the Acrobat transcript-signing
work at U. of Chicago.
[AI] Jim will draft a discussion of the pros and cons of hierarchical and flat
campus PKIs for discussion on a future call.
[AI] All will send Jim further suggestions for TAG projects.
[AI] Jim will send mail to people who have expressed interest in various possible
areas of work for TAG, and work toward finding a focus for the group.
*Attendees*
Jim Jokl (chair) - Virginia
Eric Norman - Wisconsin
Jeff Schiller - MIT
Shelley Henderson - USC
Nathan Faut - KPMG
Nick Lewis - Internet2
Neal McBurnett - Internet2
Ben Chinowsky (scribe) - Internet2
*Discussion*
The group further discussed LionShare's request for a USHER policy requirement.
Jim noted that the policy OID field is multivalued, and suggested including
OIDs for both generic PKI-Lite and specific campus policies. If this would be interpreted
to mean that you're complying with both, those who want to use LionShare could
just include the appropriate OID for it. [AI] Jim and Eric will research how
multiple policy OIDs work. Jeff and Eric noted that the multiple-OIDs feature
isn't widely implemented. Jim suggested defining an
extension for LionShare as another possible approach. [AI] Jim will send the
list an explanation of LionShare's goals in asking for a USHER policy requirement,
for discussion on the June 15 call. Jeff stressed that it's very important that
we not have any legal sanctions depend on certs issued by universities.
Eric noted that WonderCrypt doesn't do signing. [AI] Jim will remove WonderCrypt from the list at http://middleware.internet2.edu/hepki-tag/new/signing.html.
Eric had an action item to look for pointers on getting Mozilla to recognize
trust anchors on tokens. He noted that while the newer PKCS standards provide
a mechanism to do this, in Mozilla you need to write code to get it to happen.
[AI] Eric will call Mozilla's attention to the fact that they don't support
the standards needed to recognize trust anchors on tokens, and nudge them to
do something about it.
Eric also reported that he's sent his draft Top 10 lists to the HCISec list
and used them as discussion-starters at a BoF at the April PKI R&D workshop.
The upshot of both discussions has been that the list of what people need to
learn in order to use PKI has to be a lot shorter than these draft lists. In
particular, most people say that it won't work if you insist on talking about
CAs. He's not getting a lot of positive suggestions about how to do it better,
but is still hopeful in this regard. [AI] Eric will continue seeking feedback
on his Top 10 lists, especially from HCISec.