July 17, 2002
Attendees
* Jim Jokl, Virginia
* Eric Norman, Wisconsin
* Judith Boettcher, CREN
* Michael Gettes, Georgetown
* Deb Crocker, Alabama
* David L. Wasley, UCOP
* Jeanette Fielden, Internet2
* Renee Frost, Internet2/Michigan
* Neal McBurnett, Internet2
Discussion
Jim stated that he did not get a response from the list to his request for volunteers to document hardware tokens. The link to a previous survey document is: http://www.itc.virginia.edu/org/pki/tokens.html. Jim also cautioned that the document is not dated and the model numbers are incomplete.
There was a general discussion of smart cards, and of the desirability of documenting what information and resources are available along with the current state of smart card development and functionality. There is also interest in knowing which universities have them in use, for what, and how many are just evaluating the concept. www.linuxnet.com has smart card information for Mac, Linux, and various Unix flavors. One example of how a smart card can be very important relates to administrative applications: how can you know that a user has put a pass phrase on their certificate cache? There is no way to enforce that with IE and Netscape on Windows, while you can in Apple OS. A smart card can enforce a pass phrase on browser certificate caches. The general agreement was that so far nothing that works across operating systems has been found.
The topic then turned to the fact that currently, browsers are not good at certificate management. A specific list could be submitted to Microsoft to outline what needs to be present in the browsers to help with certificate management. There is a document on the web site with a list of browser issues at http://middleware.internet2.edu/hepki-tag/HEPKI-TAG-Certs-Browsers-03.pdf. There was agreement the document could be revised to reflect new information and concerns.
There was also agreement to evaluate Windows XP, which is supposed to be bridge aware. XP claims to enforce name constraints, policy constraints, etc. One key question is: is it implemented in the kernel so that Outlook and IE are bridge aware? The consensus was that this would be of great interest, since even if XP is not deployed at your site it may be at a site you are communicating with. The desire is to test XP's functionality and how to integrate it with HEPKI. Does the XP environment, client and server, inter-operate in a bridge environment, and does that include other XP systems and other bridge-aware environments? There was discussion over what would be needed and what is currently available, how many schools were available to participate, and what kind of certificates would be needed.
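The name constraints XP is said to enforce are the RFC 5280 nameConstraints extension: a CA (or a cross-certificate issued through a bridge) declares permitted and excluded subtrees, and a relying party must reject an end-entity certificate whose names fall outside them. The following is an added illustration, not code from these minutes or from any HEPKI-TAG deliverable; it models only the dNSName form of the check (RFC 5280 section 4.2.1.10), so it ignores other name types and does not parse real certificates. The CA names and domains are constructed for the example.

```python
from dataclasses import dataclass, field


def dns_in_subtree(name: str, subtree: str) -> bool:
    """RFC 5280 4.2.1.10 dNSName matching: a name is within a subtree when it
    equals the constraint or ends with "." + constraint. A constraint of
    "example.edu" covers "www.example.edu" but not "notexample.edu"."""
    name = name.lower().rstrip(".")
    # Some deployments write constraints with a leading dot; normalise that away.
    subtree = subtree.lower().strip(".")
    return name == subtree or name.endswith("." + subtree)


@dataclass
class CA:
    """A CA on the certification path with its (possibly empty) constraints."""
    name: str
    permitted_dns: list[str] = field(default_factory=list)  # empty = unconstrained
    excluded_dns: list[str] = field(default_factory=list)


@dataclass
class Leaf:
    """The end-entity certificate: just its subjectAltName dNSName entries."""
    name: str
    san_dns: list[str]


def check_path(path: list[CA], leaf: Leaf) -> list[str]:
    """Return the list of name-constraint violations for the leaf; an empty
    list means every dNSName satisfies every CA on the path.

    RFC 5280 accumulates constraints down the path (the effective permitted set
    is the intersection of all permitted sets, the excluded set is the union).
    For the leaf's names that is the same as requiring each name to satisfy
    each CA individually, which is what this loop does."""
    violations = []
    for ca in path:
        for dns in leaf.san_dns:
            if ca.permitted_dns and not any(dns_in_subtree(dns, s) for s in ca.permitted_dns):
                violations.append(f"{dns}: not within permitted subtrees {ca.permitted_dns} of {ca.name}")
            for s in ca.excluded_dns:
                if dns_in_subtree(dns, s):
                    violations.append(f"{dns}: within excluded subtree {s!r} of {ca.name}")
    return violations


# Constructed bridge-style path: an unconstrained bridge CA, then a
# cross-certificate that confines the campus CA to its own domain.
EXAMPLE_PATH = [
    CA("Example Bridge CA"),
    CA("University A CA (cross-certified)", permitted_dns=["univ-a.edu"],
       excluded_dns=["test.univ-a.edu"]),
]

if __name__ == "__main__":
    for leaf in (
        Leaf("in scope", ["www.univ-a.edu"]),
        Leaf("other campus", ["mail.univ-b.edu"]),
        Leaf("excluded subtree", ["dev.test.univ-a.edu"]),
    ):
        problems = check_path(EXAMPLE_PATH, leaf)
        print(leaf.name, "->", "ACCEPT" if not problems else "REJECT: " + "; ".join(problems))
```

A client that is genuinely bridge aware must produce the "REJECT" outcomes above when the same constraints appear in a real cross-certificate; a client that ignores the extension accepts all three leaves, which is exactly the behaviour a test against XP would need to distinguish.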
The next call is scheduled for August 14, 2002.
Action Items
1. [AI] Jim will mail another appeal for hardware token description volunteers to the list.
2. [AI] David will coordinate the revision of the browser document and inclusion of requirements for certificate management at: http://middleware.internet2.edu/hepki-tag/HEPKI-TAG-Certs-Browsers-03.pdf.
3. [AI] Jim will talk to Bob Bentrup, Eric will investigate possibilities at Wisconsin, and Michael will send e-mail to the HEPKI-TAG list regarding setting up testing for Windows XP relating to bridge environments.