January 26, 2005
* Jim Jokl (chair) - Virginia
* Jeff Schiller - MIT
* Eric Norman - Wisconsin
* Mark Franklin - Dartmouth
* Scott Rea - Dartmouth
* Nathan Faut - eValid8
* Neal McBurnett - Internet2
* Nick Lewis - Internet2
* IJ Kim - Internet2
* Ben Chinowsky (scribe) - Internet2
Most of the call was devoted to choosing the initial CP/CPS for USHER users: PKI-Lite (http://middleware.internet2.edu/hepki-tag/pki-lite/pki-lite-policy-practices-current.html) or the Federal C4 policy (http://www.cio.gov/fpkipa/documents/citizen_commerce_cpv1.pdf).
For the first 4-6 months of USHER operation, what do we want to tell USHER customers they have to do? Jim outlined some key differences between C4 and PKI-Lite:
1. liability - C4 $500;
2. governing law - C4 US Court of Appeals; Lite is silent on this
3. audit - C4 requires audits; Lite is silent on this
4. revocation - C4 requires CRLs, with revocations published within 72 hours; Lite doesn't require CRLs
5. key generation - C4 requires that CA private keys be generated using a FIPS 140 or better module. This means OpenSSL with no hardware module wouldn't be good enough for C4; it would be good enough for Lite.
The group agreed to use the PKI-Lite CP/CPS to launch USHER. The principal benefit of using C4 would be in identifying which Federal level of assurance USHER would meet, but using C4 would involve a much more heavyweight process for USHER participants. A lightweight process that meets the needs of higher education is a high priority for the initial stages of USHER; cross-certifying with the Feds is not, though it is expected to become a priority in the future. The group discussed changes needed to PKI-Lite in order to get it to version 1.0. [AI] Jim will revise the PKI-Lite CP/CPS (sections 1.4, 1.6, and 1.7 in particular) and send it to the list for approval to move to v1.0.
Finally, Nathan gave a brief introduction to his new employer, eValid8 (http://www.evalid8corp.com/). Nathan and eValid8 president Brian Dilley participate in the FPKI PA as nonvoting observers; eValid8 is pursuing a variety of corporate and
1. [AI] Jim will revise the PKI-Lite CP/CPS (sections 1.4, 1.6, and 1.7 in particular) and send it to the list for approval to move to v1.0. [see http://pkidev.internet2.edu/pki-lite-policy-practices-4-4.doc]
(from previous calls)
2. [AI] Jeff will send Jim a Mutt column for the TAG S/MIME table.
3. [AI] Eric will ask Scott Fullerton if he wants to work on internal CA audit requirements.
4. [AI] All will send Jim further suggestions for TAG projects.
5. [AI] Jim will send mail to people who have expressed interest in various possible areas of work for TAG, and work toward finding a focus for the group.
6. [AI] Eric will look for pointers on using trust anchors on tokens.
7. [AI] Eric will contact Denise for input on the user portion of his Top 10 project.
8. [AI] All will send Eric suggestions for his Top 10 lists.