HEPKI-TAG October 5th, 2005

*HEPKI-TAG Conference Call*
October 5, 2005

*Action Items*

(new)
[AI] Eric will try to recruit Mairead Martin for the PKI Early Adopters project.
[AI] Eric will will look into the possibility of getting Apple to include USHER root certs.

(from previous calls)
[AI] All who can test the Eudora S/MIME plugin, or find others to do so, will contact Jim.
[AI] Jim will expand the signing-tools matrix with columns on APIs and scripting tools; multiple signatures (parallel vs. stacked); and whether or not the tool lets you add a trust anchor.
[AI] All who have time to investigate one or more of the signing tools at http://middleware.internet2.edu/hepki-tag/new/signing2.html will contact Jim.
[AI] Jim will continue looking at PKI Lite cert profiles for Rice's code-signing application.
[AI] Eric will call Mozilla's attention to the fact that they don't support the standards needed to recognize trust anchors on tokens, and nudge them to do something about it.
[AI] Eric will continue seeking feedback on his Top 10 lists, especially from HCISec.
[AI] Jim will get an OID for PKI Lite from MACE.
[AI] Mark will ask Jed Dobson for more information on OSG.
[AI] David will look at some of the products listed at
http://middleware.internet2.edu/hepki-tag/new/signing2.html in the light of the list of questions there.
[AI] Neal will continue looking at OpenOffice, and Jim will look at eLock. [AI] Jim will send the list more information on the Acrobat transcript-signing work at U. of Chicago.
[AI] Jim will draft a discussion of the pros and cons of hierarchical and flat campus PKIs for discussion on a future call.
[AI] All will send Jim further suggestions for TAG projects.
[AI] Jim will send mail to people who have expressed interest in various possible areas of work for TAG, and work toward finding a focus for the group.

*Attendees*

Neal McBurnett (acting chair) - Internet2
Nathan Faut - KPMG
Eric Norman - Wisconsin
Renee Frost - Michigan/Internet2
Ben Chinowsky (scribe) - Internet2

*Discussion*

The Call for Papers for the 5th Annual PKI R&D Workshop has been sent out; it's also at http://middleware.internet2.edu/pki06/. The focus of the workshop will be "Making PKI Easy to Use".
Renee noted that the PKI Early Adopters project (see http://middleware.internet2.edu/docs/internet2-pki-cfp1.pdf) is still looking for project proposals.
[AI] Eric will try to recruit Mairead Martin for the PKI Early Adopters project.
[AI] Eric will will look into the possibility of getting Apple to include USHER root certs.

Other developments:
- Neal called the group's attention to the CAcert effort
(http://www.cacert.org/), which he described as a PGP/X.509 hybrid. Getting certs into browsers is a top priority for CAcert.
- Eric noted that Ron DiNapoli has gotten Aladdin eTokens working on a Mac, which means they should be able to work on anything with a PKCS11 interface, e.g. Mozilla. See http://www.nabble.com/Interfacing-eToken-Pro-OpenSC-with-Apple-Keychain-t362607.html.
- Neal noted that there's a new beta release of OpenOffice; he's hoping its signing capabilities have been improved.