September 22, 2004
Attendees
* Neal McBurnett (acting chair) - Internet2
* Jim Jokl (chair) - U. Virginia
* Eric Norman - U. Wisconsin
* Nathan Faut - EDUCAUSE
* Nick Lewis - Internet2
* Renee Frost - Michigan/Internet2
* Barry Ribbeck - UT Houston
* Ben Chinowsky (scribe) - Internet2
Discussion
The minutes of the previous meeting were approved without changes.
Most of the call was devoted to USHER issues:
1. Online cert revocation. On the one hand, we want to be able to offer fast revocation at any time, including during vacation periods when staff may be unavailable to approve revocation requests. This would mean having an online revocation server that could operate without human intervention. On the other hand, doing this would create vulnerability to DoS attacks. The group agreed that, for the time being at least, fast revocation is not worth the risk, so revocation will be done manually at the campus level. [AI] Neal will note in the USHER documents that revocation may not be immediate, and will continue encouraging people to suggest ways to do fast revocation securely. The group also agreed to do a FAQ on why we don't think the vacation-staffing problem is a big one.
2. HSMs. There was general agreement that we don't want to use anything that relies on users having the right drivers. A list of the various HSMs Neal is looking into is at http://bcn.boulder.co.us/~neal/i2/crencat/usher-cps.html. Eric noted that all but the cheapest tokens can do secure messaging via "a mini-SSL connection".
3. Applications.
- Eric observed that the most pressing need on the campuses seems to be securing email to comply with HIPAA. Eudora's lack of support for S/MIME is one issue here, which TAG is attempting to address with the letter to Qualcomm; getting certs into the browsers is another.
- Jim noted that form-signing software is very expensive; an open-source tool that enabled signing both an XML description of the form itself, and the information in the form, would be most welcome.
- Barry noted that UTH is looking at options for 1) authenticating mass mailings from the administration, so (for example) pranksters can't shut down the campus with a bogus snow-day message, and 2) authenticating "please change your password" messages, so people don't think they're from hackers. [AI] Barry will send links to UTH's email authentication code and related materials on user education.
- As an alternative to getting the roots in the browsers, Eric has been experimenting with using a trust anchor on a token. To do this, you have to get the browser both to trust a root it gets from a token, and not to trust anything else; the latter is harder, because of all the certs already built into browsers. Eric has gotten this to work using Mozilla. [AI] Eric will look for pointers on using trust anchors on tokens.
Action Items
1. [AI] Neal will note in the USHER documents that revocation may not be immediate, and will continue encouraging people to suggest ways to do fast revocation securely.
2. [AI] Barry will send links to UTH's email authentication code and related materials on user education.
3. [AI] Eric will look for pointers on using trust anchors on tokens.
4. [AI] Jim will prompt his contacts with various organizations to get endorsements for the Eudora S/MIME letter.
[AI] Jim will change the draft version of section 1.6 in the PKI-lite policy to version 1.0 and circulate to the list for final review.
5. [AI] Eric will contact Denise for input on the user portion of his Top 10 project.
6. [AI] All will send Eric suggestions for his Top 10 lists.