PKI-Light Project Goals/Assumptions/Questions


Initial Preliminary Draft Version: August 1, 2001
 

  1. Overarching goal - simplify the PKI as much as possible while still enabling some applications.  S/MIME and Web authentication are the early PKI-Light applications.

  2. A good way to explain PKI-Light is to draw on the idea of technological innovation vs application procedures.  The idea is to use PKI, but without attempting to redo, and make correspondingly more complex, all of the existing procedures used in our processes.

  3. Revocation: up to the institution.  If a CRL pointer exists in the cert, the CA will issue CRLs and will adhere to the promised next issue date in the CRL.

  4. We will not specify key usage but may choose to hint at a good default answer.

  5. PKI-Light will not specify a requirement for separate signing and encryption certs.

  6. PKI-Light will not impose a requirement for key escrow.  Should we recommend against it?

  7. Certificate Policy OID.  Considerations: skip the OID, issue a null I2 OID so that people start to think about this, agree on a trivial policy and issue an OID, etc.

  8. Fully on-line CAs with an appropriate level of system security are OK for PKI-Light applications.  PKI-Light does not specify any particular level of protection for the PKI-Light campus CA?

  9. Should PKI-Light specify the initial level of identity assurance?