Technical Activities Group Meeting Minutes
HEPKI-TAG Conference Call

January 26, 2005

Attendees

* Jim Jokl (chair) - Virginia
* Jeff Schiller - MIT
* Eric Norman - Wisconsin
* Mark Franklin - Dartmouth
* Scott Rea - Dartmouth
* Nathan Faut - eValid8
* Neal McBurnett - Internet2
* Nick Lewis - Internet2
* IJ Kim - Internet2
* Ben Chinowsky (scribe) - Internet2

Discussion

Most of the call was devoted to choosing the initial CP/CPS for USHER users: PKI-Lite (http://middleware.internet2.edu/hepki-tag/pki-lite/pki-lite-policy-practices-current.html) or the Federal C4 policy (http://www.cio.gov/fpkipa/documents/citizen_commerce_cpv1.pdf).

For the first 4-6 months of USHER operation, what do we want to tell USHER customers they have to do? Jim outlined some key differences between C4 and PKI-Lite:

1. liability - C4 $500; Lite none
2. governing law - C4 US Court of Appeals; Lite is silent on this
3. audit - C4 requires audits; Lite is silent on this
4. revocation - C4 requires CRLs, with revocations published within 72 hours; Lite doesn't require CRLs
5. key generation - C4 requires that CA private keys be generated using a FIPS 140 or better module. This means OpenSSL with no hardware module wouldn't be good enough for C4; it would be good enough for Lite.

The group agreed to use the PKI-Lite CP/CPS to launch USHER. The principal benefit of using C4 would be in identifying which Federal level of assurance USHER would meet, but using C4 would involve a much more heavyweight process for USHER participants. A lightweight process that meets the needs of higher education is a high priority for the initial stages of USHER; cross-certifying with the Feds is not, though it is expected to become a priority in the future. The group discussed changes needed to PKI-Lite in order to get it to version 1.0. [AI] Jim will revise the PKI-Lite CP/CPS (sections 1.4, 1.6, and 1.7 in particular) and send it to the list for approval to move to v1.0.

Finally, Nathan gave a brief introduction to his new employer, eValid8 (http://www.evalid8corp.com/). Nathan and eValid8 president Brian Dilley participate in the FPKI PA as nonvoting observers; eValid8 is pursuing a variety of corporate and government clients.

Action Items

1. [AI] Jim will revise the PKI-Lite CP/CPS (sections 1.4, 1.6, and 1.7 in particular) and send it to the list for approval to move to v1.0. [see http://pkidev.internet2.edu/pki-lite-policy-practices-4-4.doc] (from previous calls)
2. [AI] Jeff will send Jim a Mutt column for the TAG S/MIME table.
3. [AI] Eric will ask Scott Fullerton if he wants to work on internal CA audit requirements.
4. [AI] All will send Jim further suggestions for TAG projects.
5. [AI] Jim will send mail to people who have expressed interest in various possible areas of work for TAG, and work toward finding a focus for the group.
6. [AI] Eric will look for pointers on using trust anchors on tokens.
7. [AI] Eric will contact Denise for input on the user portion of his Top 10 project.
8. [AI] All will send Eric suggestions for his Top 10 lists.