Untitled Document

Technical Activities Group Meeting Minutes
HEPKI-TAG Conference Call

October 9, 2002
Attendees

* Jim Jokl, Virginia
* Deb Crocker, Alabama
* Eric Norman, Wisconsin
* Bob Morgan, Washington
* David Wasley, UCOP
* Jeanette Fielden, Internet2
* Neal McBurnett, Internet2

Discussion

Neal sent excerpts from a Slashdot article on inexpensive SSL certificates. There are low cost certificates that appear to work in 90+ % of the browsers out there. There is also TinyCA, a simple graphical user interface written in Perl/Tk to manage a small CA. After discussion the group decided that it would be worthwhile to place some information regarding inexpensive CA's on the website to help educate people on the subject of what to look for. It was also agreed that a closer look at TinyCA is in order.

JDK discussion: If you pointed your Java browser at this particular java component what this would do to applets? There's the question of which set of roots do you go to when there are different components that talk to each other? This appears to be yet another certificate store that people have to worry about. Is Sun going to incorporate or look at native root stores in terms of this stuff? Perhaps it would be worthwhile to ask Sun if they have the ability to use other stores, such the Microsoft store if it's loaded on a PC? Which leads to the question of exactly who would you be trusting in terms of signing java applets? It was agreed that this and the alternatives should be understood.
Document update:

Root certificate download: Jim will add Active X to case 2 since some users turn Active X off. If anyone has additional comments please send to Jim. He will add the document to the website.

Outlook express document: Jim mailed the updated document to list, which includes previously discussed changes in section D. Eric will dig into how you create an S/MIME capabilities object that includes a certificate. If you have any comments/corrections please e-mail them to Jim. The next step will be to forward it to Microsoft.

Hardware Tokens: Still trying to recruit more people for this work. David volunteered to document the tool they're using. A number of people are covering what their campus is using/implementing. More are still needed! The goal is to finish up the table in the next couple of weeks.

Jim hasn't had time yet to work on the S/MIME plug-in for Eudora document.

Evaluating bridge capabilities of XP: Access to certificates has been an issue. Dartmouth and Wisconsin are reportedly set up on the bridge. Jim will talk to Dartmouth to see if there is a way to issue certificates to a few members of the group so the work on interoperability can begin. Eric will handle it for Wisconsin.

The next call will October 23, 2002.