HEPKI-TAG Call - February 21, 2007

*HEPKI-TAG Conference Call*
February 21, 2007

*Attendees*
Jim Jokl (chair) - Virginia
Eric Norman - Wisconsin
Jeff Schiller - MIT
David Wasley - independent
Neal McBurnett - Internet2
Ben Chinowsky (scribe) - Internet2

*Action Items*(new)
[AI] All who know of non-email applications for electronic signatures, will send info to Jim.
[AI] Neal will find out how different browsers determine whether to display the EV green bar, and whether browser modifications are required when a new CA is approved to issue EV certs.

(from previous calls)
[AI] David will resend the URL for Michael Sessa's work on digitally-signed XML transcripts.
[AI] Eric will experiment with delivery and trust of root and intermediate certs via the web in Mozilla-family browsers.
[AI] Jim will incorporate Scott's digsig-tools information into the HEPKI-TAG web site.
[AI] David will follow up on SAFE's open-source signing work.
[AI] Jim will expand the signing-tools matrix with columns on APIs and scripting tools; multiple signatures (parallel vs. stacked); and whether or not the tool lets you add a trust anchor.
[AI] Jim will get an OID for PKI Lite from MACE.
[AI] Jim will send mail to people who have expressed interest in various possible areas of work for TAG, and work toward finding a focus for the group.

*Discussion*
The group discussed non-email applications for electronic signatures, e.g. for invoices, transcripts, grant submissions, and timesheets. Jim wants to see if there are enough applications out there to make it worth systematically collecting and comparing them. [AI] All who know of non-email applications for electronic signatures, will send info to Jim.

Eric noted an interesting approach to foiling spam bots. See http://damienkatz.net/2007/01/negative_captch.html -- "instead of asking the user to prove he's human, it instead tricks the spam bot into revealing it's a bot."

David is working to recruit a guest speaker from Apple to talk about PKI support in MacOS; the group spent some time discussing topics they'd like addressed on that call.

The group continued its discussion of Extended Validation certs. Neal noted a Stanford/Microsoft study that claims that, for human-factors reasons, EV certs are ineffective in IE7; see http://it.slashdot.org/article.pl?sid=07/01/26/1325228 . [AI] Neal will find out how different browsers determine whether to display the EV green bar, and whether browser modifications are required when a new CA is approved to issue EV certs.