Technical Activities Group Meeting Minutes
HEPKI-TAG Conference Call

June 21, 2000
Attendees

* Jim Jokl (chair) - Virginia
* Michael Gettes - Georgetown
* Frank Grewe - Minnesota
* Judith Boettcher - CREN
* Patty Gaul - CREN
* Neal McBurnett - Lucent
* Ken Weiss - UCOP
* Mark Poepping - CMU
* Arial Glenn - Columbia
* Eric Norman - Wisconsin
* Keith Hazelton - Wisconsin
* Ron Hutchins - Georgia Tech
* Bob Morgan - Washington
* Ben Chinowsky (scribe) - Internet2
* Others joined and left the call at various times.

Discussion

The meeting opened with a review of the minutes from the previous meeting. With one clarification regarding the survey questions on open-source issues, the minutes were approved.

Next was a review of some of the action items from the last meeting. Florida State is beginning a hardware-tokens pilot project; 400 students will be using smartcards holding PKI certificates to sign student-loan paperwork. We believe U. of Michigan is also starting a hardware-tokens project and are checking with them to see what may be in progress.

With respect to XML, Neal has been exchanging email with Mine; he has also sent a query to Amir Hertzberg about XML work being done in Israel. Eric noted that ASN.1 does not specify a bit layout, which necessitates DER encoding. This is important for digital signatures. [AI] Neal will forward links related to XML/ASN.1/DER to Keith, Arial, and Eric, with a view to readying this information for the TAG list.

On the functional spec for mobility, Eric has requested a mailing list of vendors and others who will need to agree on this. There was a discussion of what kind of thing we will be trying to get people to agree to -- will it be more a proposed standard, involving specific protocols, or more a high-level general approach, concerned only with how the user sees things and where credentials are stored? On the one hand, vendors tend to take advantage of any wiggle room left in specs they agree to; on the other, any full interoperability spec will need to come out of PKCS or IETF. It was agreed that in addition to the Microsoft/Netscape interoperability discussed in the last call, the functional spec will need to address cross-platform interop, which will involve discussion of Microsoft's Crypto API, as well as PDSA (supported by IBM). [AI] Bob will find out if the IETF is open to using TAG's functional spec as a seed for a more detailed interoperability specification.
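To illustrate Eric's point that ASN.1 values need DER's canonical encoding before they can be signed, the following is an added example (not part of the minutes or any TAG deliverable): it encodes the same BOOLEAN and INTEGER values in permitted BER variants and in DER, shows that a signer hashing the octets gets different digests for the same abstract value, and includes a small check that rejects non-canonical encodings. The helper names and the use of SHA-256 are assumptions made for this example.

```python
import hashlib

def ber_length(n, long_form=False):
    """Length octets. BER allows the long form for any n; DER requires the
    short form whenever n < 128."""
    if n < 128 and not long_form:
        return bytes([n])
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return bytes([0x80 | len(body)]) + body

def encode_boolean(value, der=True):
    """BOOLEAN (tag 0x01). DER fixes TRUE as 0xFF; BER accepts any non-zero."""
    content = (b"\xff" if der else b"\x01") if value else b"\x00"
    return b"\x01" + ber_length(len(content), long_form=not der) + content

def encode_integer(value, padded=False):
    """Non-negative INTEGER (tag 0x02). DER wants the minimal two's-complement
    octets; BER tolerates a redundant leading 0x00 (padded=True)."""
    assert value >= 0
    content = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big")
    if padded:
        content = b"\x00" + content
    return b"\x02" + ber_length(len(content)) + content

def is_canonical(tlv):
    """True only if one BOOLEAN/INTEGER TLV obeys DER's canonical rules."""
    if len(tlv) < 3:
        return False
    tag, first = tlv[0], tlv[1]
    if first & 0x80:                              # long-form length
        n = first & 0x7f
        length, content = int.from_bytes(tlv[2:2 + n], "big"), tlv[2 + n:]
        if length < 128:                          # DER demands short form here
            return False
    else:
        length, content = first, tlv[2:]
    if len(content) != length:
        return False
    if tag == 0x01:
        return content in (b"\x00", b"\xff")
    if tag == 0x02:                               # no redundant leading zero
        return not (len(content) > 1 and content[0] == 0 and content[1] < 0x80)
    return False

def digest(encoded):
    """What a signer would actually hash: the octets, not the abstract value."""
    return hashlib.sha256(encoded).hexdigest()
```

A verifier that re-encodes a parsed value in DER before hashing, or that rejects input failing is_canonical, avoids the mismatch the differing digests demonstrate.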

It was noted that Michael had attended the open-source PKI meeting with the Feds, but had to leave early. The nonrepudiation debate didn't happen, and the discussion got ratholed on key usage.

The Internet2 PKI Labs solicitation has been posted to http://www.internet2.edu/middleware/pkilabs/. Five certificate profiles are now at http://www.internet2.edu/middleware/certprofiles/.

The Ed/Fed PKI meeting starts tomorrow. It was noted that the information the Shibboleth surveys are gathering about the state of authorization on campus may be relevant here; one of the assumptions behind Shibboleth is that PKI is the ultimate solution, but will take a while, so that interim solutions are needed. Judith noted that the Feds had responded to CREN's letter with a suggestion that CREN and the Federal Bridge CA work together on interoperability. Other issues suggested as important ones to bring up at this meeting were: ensuring that higher education is able to use ACES certs, multiple levels of acceptance (so that Ed/Fed interop won't require all the components needed for high-end interagency interop), and directory interoperability. The Feds are just starting to work on their directory profile; their first meeting on this topic is next week.

Finally, there were two short discussions of implementation details. Ron asked for and received technical support for a problem -- unexplained please-choose-a-cert messages -- that Georgia Tech has been having with its OpenSSL implementation. Bob and Eric discussed the issue of virtual domains (and server aliases more generally) necessitating wildcards in certs; some software does not accept certs with wildcards. [AI] Bob will send the list information on the wildcards-in-certs issue.

The next HEPKI-TAG call will be Wednesday, July 5, at 3:30pm EDT = 12:30pm PDT = 7:30pm GMT.


Action Items

* Neal will forward links related to XML/ASN.1/DER to Keith, Arial, and Eric, with a view to readying this information for the TAG list.
* Bob will find out if the IETF is open to using TAG's functional spec as a seed for a more detailed interoperability specification.
* Bob will send the list information on the wildcards-in-certs issue.