HEPKI-TAG call
22-March-2006
*Action Items* (from previous calls)

[AI] Scott will ask Bob Brentrup to write a report on the USHER key-generation process.

[AI] All will send URLs for CA software (open-source or not) to TAG.

[AI] Jim and David will draft requirements for the packaged-CA project, and start looking at available CA software in the light of those requirements.

[AI] Eric will let TAG know when Ron DiNapoli's work on Aladdin eTokens on Macintosh is available for the group to look at.

[AI] All will look at http://www.gridpma.org/ for materials for the CA Audit project to point to or extract from.

[AI] Bob will send out pointers on UW's experience with the Federal Credential Assessment Framework (CAF).

[AI] All who can test the Eudora S/MIME plugin, or find others to do so, will contact Jim.

[AI] Jim will expand the signing-tools matrix with columns on APIs and scripting tools; multiple signatures (parallel vs. stacked); and whether or not the tool lets you add a trust anchor.

[AI] All who have time to investigate one or more of the signing tools at http://middleware.internet2.edu/hepki-tag/new/signing4.html will contact Jim.

[AI] Jim will continue looking at PKI Lite cert profiles for Rice's code-signing application.

[AI] Eric will call Mozilla's attention to the fact that they don't support the standards needed to recognize trust anchors on tokens, and nudge them to do something about it.

[AI] Eric will continue seeking feedback on his Top 10 lists, especially from HCISec.

[AI] Jim will get an OID for PKI Lite from MACE.

[AI] Mark will ask Jed Dobson for more information on OSG.

[AI] David will look at some of the products listed at http://middleware.internet2.edu/hepki-tag/new/signing4.html in the light of the list of questions there.

[AI] Neal will continue looking at OpenOffice, and Jim will look at eLock.

[AI] Jim will send the list more information on the Acrobat transcript-signing work at U. of Chicago.

[AI] Jim will draft a discussion of the pros and cons of hierarchical and flat campus PKIs for discussion on a future call.

[AI] All will send Jim further suggestions for TAG projects.

[AI] Jim will send mail to people who have expressed interest in various possible areas of work for TAG, and work toward finding a focus for the group.
*Attendees*

Jim Jokl (chair) - Virginia
Nathan Faut - KPMG
David Wasley - independent
Neal McBurnett - Internet2
Ben Chinowsky (scribe) - Internet2
*Discussion*

The group discussed topics for the upcoming face-to-face PKI WG meeting (http://events.internet2.edu/2006/spring-mm/sessionDetails.cfm?session=2650&event=242):

- USHER in general. See http://usher.internet2.edu/

- InCommon / e-Auth synergies with USHER, in particular using them to connect PKI "islands". David observed that the current situation with PKI is like the early days of networking, with numerous non-interoperable systems -- how to get them to cross-certify with appropriate policy mappings? How to get vendors to see that interoperability will grow the market, and so get them to stop trying to maintain market share via non-interoperability? David offered to present on this topic.

- The relevance to USHER of TERENA's approach to PKI. See http://www.terena.nl/news/fullstory.php?news_id=1509, and recent emails to the HEPKI-TAG list from Jan Meijer.
There was also a short discussion of email issues. Jim noted the importance of getting people to focus on what they really need -- for example, key escrow is hard, but in many cases people are unlikely to really care if they can get access to something years in the future. Neal noted SMTP's "opportunistic encryption", and speculated that much university email traffic may already be encrypted with TLS, without creating problems. It was also suggested that when mail clients ask you to add a cert, they need to provide options so you don't automatically trust everything under that cert.
Jim noted that USHER is unlikely to be seeking a WebTrust audit any time in the next year or so.