*HEPKI-TAG Conference Call* August 24, 2005

*HEPKI-TAG Conference Call* August 24, 2005

*Action Items*

(new)
[AI] All who can test the Eudora S/MIME plugin, or find others to do so, will contact Jim.
[AI] Jim will expand the signing-tools matrix with columns on APIs and scripting tools; multiple signatures (parallel vs. stacked); and whether or not the tool lets you add a trust anchor.

(from previous calls)
[AI] All who have time to investigate one or more of the signing tools at
http://middleware.internet2.edu/hepki-tag/new/signing2.html will contact Jim.
[AI] Jim will continue looking at PKI Lite cert profiles for Rice's code-signing application.
[AI] Eric will call Mozilla's attention to the fact that they don't support the standards needed to recognize trust anchors on tokens, and nudge them to do something about it.
[AI] Eric will continue seeking feedback on his Top 10 lists, especially from HCISec.
[AI] Jim will get an OID for PKI Lite from MACE.
[AI] Mark will ask Jed Dobson for more information on OSG.
[AI] David will look at some of the products listed at http://middleware.internet2.edu/hepki-tag/new/signing2.html in the light of the list of questions there.
[AI] Neal will continue looking at OpenOffice, and Jim will look at eLock.
[AI] Jim will send the list more information on the Acrobat transcript-signing work at U. of Chicago.
[AI] Jim will draft a discussion of the pros and cons of hierarchical and flat campus PKIs for discussion on a future call.
[AI] All will send Jim further suggestions for TAG projects.
[AI] Jim will send mail to people who have expressed interest in various possible areas of work for TAG, and work toward finding a focus for the group.

*Attendees*

Jim Jokl (chair) - Virginia
Eric Norman - Wisconsin
Bob Morgan - Washington
Jeff Schiller - MIT
David Wasley - independent
John Krienke - Internet2
Neal McBurnett - Internet2
Renee Frost - Internet2
Ben Chinowsky (scribe) - Internet2

*Discussion*

Jim is looking for volunteers to test the initial version of the Eudora S/MIME plugin. [AI] All who can test the Eudora S/MIME plugin, or find others to do so, will contact Jim.

The USHER PA will be presenting an update at the Internet2 Member Meeting; see http://events.internet2.edu/2005/fall-mm/sessionDetails.cfm?session=2276&event=239. The USHER CA cert profile (see http://middleware.internet2.edu/hepki-tag/ usher-common/hepkiCA-root-profile-current.html) is on the verge of finalization.

Jim has posted a partial draft signing-tools matrix at http://middleware.internet2.edu/hepki-tag/new/signing2.html. [AI] Jim will expand the signing-tools matrix with columns on APIs and scripting tools; multiple signatures (parallel vs. stacked); and whether or not the tool lets you
add a trust anchor. Eric argued for more specifics on what applications -- e.g. workflow systems, transcript-signing applications -- can work with each signing tool; Jim suggested putting this in the Interoperability column. Neal suggested adding a column on how resistant to attacks the tool is likely to be, given recently-discovered hash-function vulnerabilities. In future versions, Jim will include this information in the Signature Format column.