Technical Activities Group Meeting Minutes
HEPKI-TAG Conference Call

December 19, 2001

Attendees

* Jim Jokl (chair) - Virginia
* Bob Morgan - Washington
* Steve Worona - EDUCAUSE
* David Wasley - UCOP
* Neal McBurnett - Internet2
* Bill Doster - Michigan
* Eric Norman - Wisconsin
* Judith Boettcher - CREN
* Ed Feustel - Dartmouth
* Renee Frost - Michigan/Internet2
* Jeff Schiller - MIT/CREN
* Michelle Gildea - CREN
* Ken Klingenstein - Colorado/Internet2
* Ben Chinowsky (scribe) - Internet2

Discussion

After correcting and approving the minutes of the previous meeting, the group reviewed some of its outstanding action items:

* [5-December - Eric will continue investigating listproc's performance with signed messages.] Still to do.
* [5-December - Jim will get part of the PKI Lite site set up for test results.] In process -- see http://middleware.internet2.edu/hepki-tag/. [AI] Eric will ask Scott Fullerton to test opaque signatures on the TAG list.
* [5-December - Jim will organize testing to verify that the fix proposed for the L-Soft signed messages problem actually works.] Still to do.
* [5-December - Jim will send the list a summary of responses to his call-scheduling poll.] Done. The emerging consensus is to keep the TAG call on the same day, but move it a half-hour earlier, to 3pm Eastern. [AI] Renee will find out if TAG can count on MACE-Dir-Groups finishing its calls by 3pm Eastern, so as not to conflict with TAG's proposed new start time.
* [5-December - All will send Jim their institutional root certs for the root cert downloader and client authentication demo on pkidev.internet2.edu.] In process.
* [5-December - Jeff will have lawyers at MIT review the legal language in the draft CPS template.] In process.
* [5-December - Ken will ask HEPKI-PAG for input on where to seek legal review of the draft CPS template.] Still to do. Replace with [AI] Ken will ask HEPKI-PAG for input on where to seek legal review of the draft PKI Lite combined CP/CPS.
* [5-December - Judith will have Dan Burk review the legal language in the draft CPS template.] Done. Judith reported that Dan was "delighted" with the approach taken in this document; he described it as relying on "judicial common sense". Dan has also rewritten Section 2.2 to avoid committing CAs to doing things they may not be able to do.
* [5-December - Jim and Judith will post the draft CPS template on the HEPKI-TAG and CREN web sites.] Done.
* [5-December - Jeff will copyedit the draft CPS template and send the revised version to the list.] In process.
* [5-December - Ed will read the SACRED requirements document; if this leads him to think that SACRED should be kept going, he will investigate further.] Still to do.
* [5-December - Ed will find out more about Dartmouth's timesheet-signing application, for discussion on the next call.] Still to do.
* [21-November - Ken will send the list v0.01 of a list of use scenarios for PKI Lite S/MIME.] [21-November - Jim will send the list v0.01 of a list of use scenarios for PKI Lite web authentication, to be discussed in parallel with Ken's S/MIME scenarios.] The group has made these lists already in the course of its last two conference calls; so, done.

[AI] Jim will check status of action items from November 7 and earlier via email.

There was a short discussion of miscellaneous PKI Lite items:

* Steve continues to pursue the Department of Education for a response to TAG's questions about ID certs and FERPA.
* Jim noted that he has only received one piece of feedback on the PKI Lite cert profile. [AI] All will review David's "S/MIME needs..." email (Dec. 5, re-sent Dec. 19) for discussion on the next call.
* A short discussion of the combined CP/CPS revealed general agreement that combining these documents is a good approach for PKI Lite to take. See http://middleware.internet2.edu/hepki-tag/ for the latest version.

The group zoomed in briefly on the idea of using S/MIME to control access to mailing lists. [AI] Eric will draft a scenario for using S/MIME to make it possible for all replies to a message sent to multiple lists to go to all those lists, even when the replier is not on all of them. [AI] Judith will draft a scenario for using S/MIME for homework submission.

Finally, the group zoomed back out to reevaluate its overall approach to promoting PKI Lite. Bob Morgan pointed out that, as many of the things you can do with PKI authentication and S/MIME can already be accomplished with existing forms of web authentication, it might be good for TAG to focus on why PKI authentication and S/MIME are *better* ways -- rather than just possible ways -- to accomplish these things. Ken suggested that TAG put out a CFP for a signed-email project; he suggested that TAG pitch this more as an experiment than as a pilot deployment, and expressed confidence that this would motivate significant participation from the campuses "because it's the right thing to do." Other advantages of promoting S/MIME deployment as an experiment are that it would remove some of the legal obstacles and that it would make it more palatable to require participants to use particular email clients. [AI] Ken will draft a CFP for an experimental approach to deploying PKI Lite S/MIME.

Action Items

* [AI] 19-December - Eric will ask Scott Fullerton to test opaque signatures on the TAG list.
* [AI] 19-December - Renee will find out if TAG can count on MACE-Dir-Groups finishing its calls by 3pm Eastern, so as not to conflict with TAG's proposed new start time.
* [AI] 19-December - Ken will ask HEPKI-PAG for input on where to seek legal review of the draft PKI Lite combined CP/CPS.
* [AI] 19-December - Jim will check status of action items from November 7 and earlier via email.
* [AI] 19-December - All will review David's "S/MIME needs..." email (Dec. 5, re-sent Dec. 19) for discussion on the next call.
* [AI] 19-December - Eric will draft a scenario for using S/MIME to make it possible for all replies to a message sent to multiple lists to go to all those lists, even when the replier is not on all of them.
* [AI] 19-December - Judith will draft a scenario for using S/MIME for homework submission.
* [AI] 19-December - Ken will draft a CFP for an experimental approach to deploying PKI Lite S/MIME.
* [AI] 5-December - Eric will continue investigating listproc's performance with signed messages.
* [AI] 5-December - Jim will get part of the PKI Lite site set up for test results.
* [AI] 5-December - Jim will organize testing to verify that the fix proposed for the L-Soft signed messages problem actually works.
* [AI] 5-December - All will send Jim their institutional root certs for the root cert downloader and client authentication demo on pkidev.internet2.edu.
* [AI] 5-December - Jeff will have lawyers at MIT review the legal language in the draft CPS template.
* [AI] 5-December - Jeff will copyedit the draft CPS template and send the revised version to the list.
* [AI] 5-December - Ed will read the SACRED requirements document; if this leads him to think that SACRED should be kept going, he will investigate further.
* [AI] 5-December - Ed will find out more about Dartmouth's timesheet-signing application, for discussion on the next call.
* [AI] 5-December - Keith will point Wisconsin's deputy CIO to the posted draft CPS template.
* [AI] 5-December - Keith will try to interest one of his colleagues at Wisconsin in working with TAG on serial signatures.
* [AI] 7-November - Ed will send the list information on products that use the IBM 4758.
* [AI] 7-November - Eric and Jim will discuss next steps for getting the demo cert issuer onto the Internet2 demo machine.
* [AI] 24-October - All will review Ed's October 19 mail on CP information in the TrustID certs being used for HEBCA.
* [AI] 26-September - Ellen will work with Renee on the issue of which OID to use (CREN has volunteered one), and get back to Judith to plan further.
* [AI] 26-September - Judith will see if Frank Grewe or Ron Hutchins can get TAG some CREN- and institution-signed user certs to use on the demo site to practice following chains.
* [AI] 26-September - Jeff will look into getting user certs from MIT for the demo site.
* [AI] 26-September - Eric and Jim will experiment with using S/MIME clients to exchange encryption capabilities.
* [AI] 29-August - Renee will look into what policies Internet2 is considering for software distributions.
* [AI] 29-August - All will look into which of their prospective PKI applications will separate authorization and authentication, and which will conflate them.
* [AI] 1-August - Ed will find out what CA software packages are being used on the campuses from which he's received PKI project information, and which of these packages are capable of adding a policy OID.
* [AI] 6-June - All will send Jim links to information on their campus PKI work, for the TAG web site.