*HEPKI-TAG Conference Call*
May 30, 2007

*Attendees*
Jim Jokl (chair) - Virginia
Nathan Faut - KPMG
Eric Norman - Wisconsin
Jeff Schiller - MIT
David Wasley - independent
Neal McBurnett - Internet2
Ben Chinowsky (scribe) - Internet2

*Action Items*
(new)
[AI] Jim and David will draft a list of questions for the campus PKI survey.

(from previous calls)
[AI] Jim will contact John Krienke and Greg Wood about USHER publicity, and cc David.
[AI] Jim will follow up with Bob about TAG input on http://www.ietf.org/internet-drafts/draft-simon-emu-rfc2716bis-09.txt
[AI] David will follow up with his contact for information on SAFE-BioPharma applications for electronic signatures.
[AI] All who know of non-email applications for electronic signatures will send info to Jim.
[AI] Neal will find out how different browsers determine whether to display the EV green bar, and whether browser modifications are required when a new CA is approved to issue EV certs.
[AI] Eric will experiment with delivery and trust of root and intermediate certs via the web in Mozilla-family browsers.
[AI] Jim will incorporate Scott's digsig-tools information into the HEPKI-TAG web site.
[AI] Jim will expand the signing-tools matrix with columns on APIs and scripting tools; multiple signatures (parallel vs. stacked); and whether or not the tool lets you add a trust anchor.
[AI] Jim will get an OID for PKI Lite from MACE.
[AI] Jim will send mail to people who have expressed interest in various possible areas of work for TAG, and work toward finding a focus for the group.

*Discussion*
Jim noted a suggestion from the last USHER meeting: that TAG survey Internet2 campuses to find out where and how PKI is being used. [AI] Jim and David will draft a list of questions for the campus PKI survey.

The group discussed the implications of a new factoring record (see http://www.schneier.com/blog/archives/2007/05/307digit_number.html). Jeff suggested that while it's "not time to ring the klaxon", and 2048-bit keys are in no danger, any CA using 1024-bit keys should be thinking about making the transition to 2048 bits (as MIT is). Eric noted that the new factoring record involved a thousand computers working for nine months. There was general agreement that there's no imminent threat, except maybe to very rich targets.

David noted that he has joined a new IETF mailing list for discussion of trust anchor management: http://www.vpnc.org/ietf-trust-anchor/ . [A BoF is planned for Friday, July 27, at the Chicago IETF: http://www3.ietf.org/proceedings/07jul/agenda/tam.txt]

Eric attended the May 14-16 Internet Identity Workshop (http://iiw.windley.com). The main communities represented were Liberty Alliance, CardSpace, and OpenID; Bob Morgan and Eric represented Shibboleth. The meeting included some successful interoperability testing. Eric observed that there are clearly many people who want to make sure that CardSpace doesn't end up being Microsoft-only, in particular noting the IBM-backed Higgins project (http://wiki.eclipse.org/index.php/Higgins_Wiki) and Novell's Bandit project (http://www.bandit-project.org/index.php/Welcome_to_Bandit). Overall, Eric reported that he was "encouraged by the fact that all the people working on this stuff are talking to each other."

Eric also noted Internet2's announcement that Shibboleth will support CardSpace (https://mail.internet2.edu/wws/arc/i2-news/2007-05/msg00009.html) and news from Microsoft about support for open-source relying parties (http://self-issued.info/?p=11).