Technical Activities Group Meeting Minutes
HEPKI-TAG Conference Call

January 12, 2005

Attendees

* Jim Jokl (chair) - Virginia
* Renee Frost - Internet2
* Neal McBurnett - Internet2
* Philip Hsieh - Rice
* Jeff Schiller - MIT
* Shelley Henderson - USC
* Bob Morgan - Washington
* Eric Norman - Wisconsin
* Nathan Faut - eValid8
* Ben Chinowsky (scribe) - Internet2

Discussion

Jim asked the group for any final changes to the Eudora S/MIME document (http://middleware.internet2.edu/hepki-tag/new/eudora-smime.txt). Barring any last-minute objections, this document is now final and will be sent to Qualcomm shortly.

Jeff noted that he's gotten S/MIME to work with Mutt. [AI] Jeff will send Jim a Mutt column for the TAG S/MIME table. Jeff also reported that he's deployed a new CA at MIT; it uses Python with hooks into SSL and Kerberos.

Most of the call was devoted to exploring possible future areas of work for TAG.

1. Spam control. Bob pointed the group to interesting discussions of the MASS approach to spam control; see his January 12 email and the MASS site at http://mipassoc.org/mass/. Jeff is optimistic about MASS; he thinks it will be less disruptive than address-based approaches. Bob noted that some claim that the MASS and SPF approaches are complementary. Jeff predicted that both MASS and SPF will put more pressure on DNS security; this might be addressed with DNSSEC or with something ad hoc. Jim concluded by saying that he doesn't see a project for TAG here, but he does think the group would be interested in hearing further updates on what's going on in this area.
2. Digital-signature software and campus applications for digital signatures. There is strong interest on the campuses in using digital signatures to reduce paperwork; Eric suggested also using signed email to replace "click to accept" web processes. Wisconsin is working on using digital signatures for transcripts.
3. Windows smartcard domain authentication. If you're using a non-Windows CA, you need to add the appropriate Microsoft attributes to make this work. Dartmouth has documented some experiences with this; see http://www.dartmouth.edu/%7Edeploypki/materials/modules/using/smartcard_logon/PKISmartcardLogon.htm
4. Preparing your internal CA audit. Nathan pointed the group to documents spelling out what auditing procedure the Federal PKI Policy Authority expects from anyone who cross-certifies with the FBCA: http://www.cio.gov/fpkipa/map_matrix.htm. [AI] Eric will ask Scott Fullerton if he wants to work on internal CA audit requirements. Eric suggested that preparing for external audits could also be a useful area of work for TAG.
5. CA software and HSM modules. Neal re-sent a message outlining Red Hat's plans for the Enterprise Solutions software it recently acquired from Netscape. Neal also called the group's attention to the Enterprise Java Beans CA (http://ejbca.sourceforge.net/) and to HSM provider Cryptoflex (http://www.cryptoflex.com/).

Other possibilities, listed in the agenda but not discussed on the call, include:

* EAP-TLS for wireless authentication
* Updated work on S/MIME
* Introductory materials for sites getting started (CA software, applications, cookbook, etc.)

[AI] All will send Jim further suggestions for TAG projects. [AI] Jim will send mail to people who have expressed interest in various possible areas of work for TAG, and work toward finding a focus for the group.


Action Items

1. [AI] Jeff will send Jim a Mutt column for the TAG S/MIME table.
2. [AI] Eric will ask Scott Fullerton if he wants to work on internal CA audit requirements.
3. [AI] All will send Jim further suggestions for TAG projects.
4. [AI] Jim will send mail to people who have expressed interest in various possible areas of work for TAG, and work toward finding a focus for the group.

(from previous calls)

5. [AI] Eric will look for pointers on using trust anchors on tokens.
6. [AI] Jim will change the draft version of section 1.6 in the PKI-lite policy to version 1.0 and circulate to the list for final review.
7. [AI] Eric will contact Denise for input on the user portion of his Top 10 project.
8. [AI] All will send Eric suggestions for his Top 10 lists.