Technical Activities Group Meeting Minutes
HEPKI-Tag Call

February 25, 2004

Attendees

* Jim Jokl, U. Virginia
* Eric Norman, U. Wisconsin
* Bob Brentrup, Dartmouth
* Steve Hanna, Sun Microsystems
* Shelly Henderson, USC
* Scott Fullerton, U. Wisconsin
* Bob Morgan, U. Washington
* Jeanette Fielden, Internet2
* Neal McBurnett, Internet2

Discussion

Neal forwarded a message from Peter Saint-Andre of the Jabber Software Foundation to the list. There is end-to-end encryption in the XMPP standard, but it is not implemented in any clients that Peter was aware of.

Jim wanted to verify that the group still wants content on the HEPKI-TAG website about S/MIME vs. PGP, where they might be best used, and the different trust models between them. There was general agreement to include it on the website.

Mac OS X Issues

Jim announced that the latest patch for Mac OS X.3 fixes the issue with respect to the CREN root not having basic constraints marked critical. Apple acted very quickly in releasing the fix.

OASIS PKI Action Plan

There was general agreement that HEPKI-TAG supports the OASIS PKI action plan. There was also agreement that a cover letter should be sent containing recommendations and feedback on the plan. HEPKI-TAG will recommend endorsing the action plan to MACE for review. While there was general endorsement, it's not clear who will have resources available to devote to implementing the action plan. U. Wisconsin is having a meeting Friday to discuss whether they can devote resources towards implementation of the plan. [AI] Jim will investigate if there are any Educause concerns with HEPKI-TAG endorsing the OASIS PKI Action Plan. [AI] Bob Morgan will investigate any concerns on the Internet2 side with HEPKI-TAG endorsing the OASIS PKI Action Plan.

Steve Hanna joined the call and indicated that they will be moving from the endorsement phase to the implementation phase very quickly. Sub-committees will be set up for each of the five action items. David Wasley has joined the TC and will probably join one of the subcommittees. Others from HEPKI-TAG are welcome to join since it is important to have the university perspective represented.

The TC meets once a month by phone, and other business is conducted by e-mail. At the moment there are 15 voting members. There are two requirements to participate: you or your organization must be a member of OASIS, and you must attend two out of every three meetings to vote. The cost is $250 for an individual, $1000 for a non-profit organization. If the attendance requirement is not met you can be an observer. Observers can't vote but can be in subcommittees. The attendance requirement can be met without travel. Bob Morgan indicated that he believes Internet2 is planning to join as a non-profit, which would enable other HEPKI-TAG members to join under them as well.

Bob Morgan attended the RSA conference, where there were all kinds of proposals to deal with spam, though it is not clear that any possessed technical substance.

Eric reported on issues with the Lyris mail server. It changes a multi-part signed message into a non-multi-part signed message. He is not aware of any vendor efforts to fix the issue.

Neal listed the panels that will be at the PKI04 workshop on April 12th. See http://middleware.internet2.edu/PKI04 for general information. He is looking for panel participants. Panels scheduled are: which PKI approach to use for which application domain, short path discovery, a document signature panel, dynamic delegation of rights, smart token cards and how they interact with OS software, and possibly a human factors panel. [AI] All: Please let Neal know of people who would make good panel participants for the PKI04 workshop on April 12th.

S/MIME Clients Table Category

Barry and Mark have been digging into LDAP behavior and where the encryption certificates need to be. Some clients need to get the certificate into the local address book, and others are able to query LDAP dynamically. Netscape and Mozilla query dynamically. There is a registry edit that you can do for Outlook to query dynamically. If you have encryption certificates in the campus LDAP, those clients will work well. Jim is proposing to add a row to the S/MIME clients table. Currently there is a yes/no answer for LDAP directory support for certificate download. The new row will specify what kind of LDAP support is available. Jim will also add a note to cover Eric's concern over what happens if you can't contact the LDAP server.

Jim also requested that people update the S/MIME client table for the client they are using.


Action Items

1. [AI] All: Please let Neal know of people who would make good panel participants for the PKI04 workshop on April 12th.
2. [AI] Jim will investigate if there are any Educause concerns with HEPKI-TAG endorsing the OASIS PKI Action Plan.
3. [AI] Bob Morgan will investigate any concerns on the Internet2 side with HEPKI-TAG endorsing the OASIS PKI Action Plan.