5th Annual PKI R&D Workshop:
Making PKI Easy to Use
April 4-6, 2006, NIST, Gaithersburg MD

The official proceedings are published as a NIST Technical Publication, and available for download: NISTIR 7313.

5th Annual PKI R&D Workshop:

Making PKI Easy to Use

Proceedings

Workshop Summary by Ben Chinowsky

Tuesday, April 4, 2006

9:00 am - 9:15 am
Opening Remarks

Ken Klingenstein, Internet2, General Chair

Kent Seamons, Brigham Young University, Program Chair (ppt)

9:15 am - 10:15 am
Keynote Address: Has Johnny Learnt To Encrypt By Now? (ppt)

Examining the troubled relationship between a security solution and its users

Angela Sasse, University College London

10:45 am - 11:45 am
Session 1: Standards I

Session Chair: Rich Guida, Johnson & Johnson


How Trust Had a Hole Blown In It. The Case of X.509 Name Constraints (pdf)

David Chadwick, University of Kent



Invited Talk: NIST Cryptographic Standards Status Report (ppt)

Bill Burr, NIST


11:45 am - 12:45 pm

Session 2: Standards II - Leveraging DNSSEC and PK-INIT
Session Chair: Neal McBurnett, Internet2


Invited Talk - Trust Infrastructure and DNSSEC Deployment (ppt)
Allison Mankin, Consultant



Invited Talk - Integrating Public Key and Kerberos (ppt)
Jeffrey Altman, Secure Endpoints Inc.

1:00 pm - 2:00 pm
LUNCH



2:00 pm - 3:30 pm

Session 3: Revocation
Session Chair: Von Welch, NCSA ? University of Illinois


Invited Talk - Enabling Revocation for Billions of Consumers (ppt)

Kelvin Yiu, Microsoft



Navigating Revocation through Eternal Loops and Land Mines (ppt)

Santosh Chokhani & Carl Wallace, Orion Security Solutions, Inc.

4:00 pm - 5:30 pm

Session 4: Easy-to-Use Deployment Architectures
Session Chair: Stephen Whitlock, Boeing


Simplifying Credential Management through PAM and Online Certificate Authorities (paper: pdf; presentation: ppt)
Stephen Chan & Matthew Andrews; NERSC / Lawrence Berkeley National Lab

Identity Federation and Attribute-based Authorization through the Globus Toolkit, Shibboleth, GridShib, and MyProxy (paper: pdf; presentation: ppt)

Tom Barton, University of Chicago

Jim Basney, NCSA/Univ of Illinois

Tim Freeman, University of Chicago

Tom Scavo, NCSA/University of Illinois

Frank Siebenlist, MCSD, Argonne National Laboratory

Von Welch, NCSA/University of Illinois

Rachana Ananthakrishnan MCSD/ Argonne National Lab

Bill Baker, NCSA/University of Illinois

Monte Goode, Lawrence Berkeley National Laboratory

Kate Keahey, MCSD/Argonne National Lab



PKI Interoperability by an Independent, Trusted Validation Authority (paper: pdf; presentation: ppt)

Jon Ølnes, DNV Research; Norway




Wednesday, April 5, 2006


9:00 am - 10:30 am

Session 5: Panel - Digital Signatures

Panel Moderator: David Chadwick, University of Kent



Panel members
      Ron DiNapoli, Cornell University (pdf)

      Anders Rundgren, RSA Security (ppt)

      Ravi Sandhu, George Mason University (ppt)


11:00 am - 12:45 pm

Session 6: Domain Keys Identified Mail (DKIM) and PKI

Session Chair: Barry Leiba, IBM



Achieving Email Security Usability (paper: pdf; presentation: ppt)
Phillip Hallam-Baker, VeriSign, Inc.



DKIM Panel Members

Jim Fenton, Cisco (pdf)

Phillip Hallam-Baker, VeriSign, Inc.

Tim Polk, NIST & IETF PKIX Co-chair (ppt)


1:00 pm - 2:00 pm
LUNCH


2:00 pm - 3:30 pm

Session 7: Work in Progress (WIP)
Session Chair: Krishna Sankar, Cisco Systems



Scheduled topics:

  • Experiences Securing DNS through the Handle System (ppt)

    • Sam Sun, CNRI

  • International Grid Trust Federation: How to Build Trust Across the Global Grid

    • Michael Helm, ESnet Berkeley Lab (ppt)

    • Doug Olson, Lawrence Berkeley National Lab (ppt)

  • Suite B Enablement in TLS: A Report on Interoperability Testing Between Sun, RedHat, and Microsoft (ppt)

    • Vipul Gupta, Sun

    • Robert Relyea, RedHat

    • Kelvin Yiu, Microsoft

Impromptu Rump Session (Sign-ups will be taken prior to the WIP by Jason Holt)

    • PKCS11 integration with Mac OS X keychain - Ron DiNapoli, Cornell (pdf)

    • Abuse: Towards Usefully Secure Email – Chris Masone, Dartmouth

    • Mobile Phones as Secure Containers – Anders Rundgren, RSA Labs (ppt)

    • Does an offline CA make sense – David Cooper, NIST (ppt)


4:00 pm - 5:30 pm

Session 8: Panel -  Browser Security User Interfaces

Why are web security decisions hard and what can we do about it?

Panel Moderator: Jason Holt, Brigham Young University

Combined presentation: (ppt)

Panel members
      Amir Herzberg, Bar Llan University

      Frank Hecker, Mozilla Foundation

      Sean Smith, Dartmouth University

      George Staikos, KDE

      Kelvin Yiu, Microsoft









Thursday, April 6, 2006

9:00 am - 9:30 am
Session 9: PKI in Higher Education

Session Chair: Eric Norman, University of Wisconsin


CAUDIT PKI Federation - A Higher Education Sector Wide Approach (paper: pdf; presentation: pdf)

Viviani Paz, Australian Computer Emergency Response Team

Rodney McDuff, The University of Queensland



9:30 am - 10:45 am

Session 10: Panel - Federal PKI Update
Panel Moderator - Peter Alterman, National Institutes of Health   



Panelists

Judy Spencer, General Services Administration (ppt)

David Cooper, NIST (pdf)

11:15 am - 12:30 pm

Session 11: Panel - Bridge to Bridge Interoperations
Panel Moderator - Peter Alterman, National Institutes of Health  (ppt)


Panelists

Debb Blanchard, Cybertrust (ppt)

Santosh Chokhani, Orion Security Systems, Inc. (ppt)

Scott Rea, Dartmouth College (ppt)

12:30 pm - 12:45 pm
Wrap up