November 6, 2002
Attendees
* Jim Jokl, Virginia
* Bob Morgan, Washington
* Renee Frost, Internet2
* Ken Klingenstein, Internet2
* Neal McBurnett, Internet2
* Michelle Gildea, CREN
* Erin Norman, Wisconsin
* Michael Gettes, Georgetown
* Deb Crocker, Alabama
* David Wasley, UCOP
* Jeff Schiller, MIT
* Bill Doster, Michigan
* Keith Hazelton, Madison
* Jeanette Fielden, Internet2
Discussion
Bridge Testing: Jim did get three more volunteers, so it looks like there are six volunteers in total. It was agreed to issue the certificates, try to use them in various media, and exchange e-mail about initial results before planning the next steps.
Outlook challenges document for S/MIME: Eric is concerned that Microsoft has likely already addressed a number of these things. Michelle pointed out that some of the things people report experiencing under the standard install she is not seeing with the corporate install. General frustration was expressed that there is no manual that outlines what's available and how Outlook/Outlook Express works with respect to PKI.
There was extended discussion of how encrypted material should be treated and stored. The appropriate level of security depends on where you perceive the threat. Is the biggest concern novices losing their keys, Internet snooping, or local hacking? It's a threat model with trade-offs between convenience and security. The approach should be keyed to an organizational policy. It's important to articulate the problem you're trying to solve and then what the various mitigating factors, including human nature, might be.
The request is to allow encryption and signatures to be independent of each other, and to be able to accept a certificate whose key usage bits are set to one or the other; the certificate doesn't have to do both.
Outlook Express will let you use only a signing certificate if your institution won't issue encryption certificates, but Outlook will not. It would be nice if they both allowed it. A second item is a configuration option that would let you store documents in clear text even if they were sent encrypted. Additional configuration options that let you control encryption at the local level would be great, e.g. anything that goes into a certain folder is encrypted, or clear, etc. It's a difficult problem with a lot of interface design concerns. There was no general consensus in the discussion.
CREN certificate validation process: One question is what happens if you have 5000 people and the process isn't automated. CREN authorizes one person on campus to act as a registration authority and enter the information for people they want to issue certificates to. We don't plan on thousands but a small number, currently ~150. It's aimed at small campuses that don't have the capability to issue certificates. Another question was that, in the certificate profile, the subject name needs to relate to something in the campus enterprise directory. How does this binding happen, and who does it? Michelle indicated that they had not been considering relating it to the campus, but thought it needed to be discussed on the CREN side.
The user's 10-digit PIN: Half the PIN gets mailed to the user. The second half is set at the RA process by the CDCR, who identifies them. Is the CDCR allowed to send both sets of five digits to one e-mail address? We would prefer that it be either two discrete e-mails, or some combination of e-mail, phone, or in person. What are better options? Perhaps the first five digits could be given as a part of the CDCR process? The RA process needs to be integrated with the standard business process for identification and authentication.
There is renewed interest in kx.509 in the Grid community. USC has deployed kx.509 pretty much across their campus. There will be a call about it tomorrow. One of the goals of the call is to understand the likely targets for the first uses of kx.509 in the grid space and to talk to the administrators at those targets to determine what they would need. There was consensus that the initial focus of the effort will be on what's feasible currently. USC put their computer lab clusters on a grid, and an interesting side effect is that students notice a delay in the responsiveness of the workstations, so they were rebooting them thinking there was a machine problem. As a result, they are soldering the power switches down. So there are issues coming to light that will need to be addressed. There was discussion of the role of PKI-Lite and whether it should be considered, because eventually larger environments will need to be supported. PKI-Lite doesn't take out revocation; it makes suggestions about whether you should do it or not, while HECP does have something about revocation. Perhaps HECP needs to be adjusted.
Ken will try to get a representative from USC on the next call so the discussion can be continued.
The next call will be November 20, 2002.