*PKI Labs Conference Call*
February 11, 2002
*Attendees*
Neal McBurnett (convener) - Internet2
Bob Brentrup - Dartmouth
Eric Norman - Wisconsin
Olga Kornievskaia - Michigan
Renee Frost - Michigan/Internet2
Bob Morgan - Washington
Carl Ellison - Intel
Lisa Hogeboom - Internet2
Ben Chinowsky (scribe) - Internet2
*Discussion*
After correcting and approving the minutes of the previous meeting, the group discussed issues raised by the upcoming HEPKI-TAG S/MIME pilot. Bob Morgan observed that this is a low-overhead project; many schools that have been hesitant about PKI in the past are interested in participating. The group discussed the possibility of including a web-of-trust component; it appears that at least some of the project's mail clients support self-signed certs and using thumbprints for manual cert acceptance. [AI] Bob Morgan will suggest to HEPKI-TAG that it consider including a web-of-trust component in its S/MIME project. Bob Brentrup, who is helping Jim Jokl organize the project, noted that there's a general sense that a bridge CA would be a natural follow-on to the S/MIME pilot. Carl objected that a bridge would greatly enlarge the namespace; by contrast, using thumbprints avoids namespace collisions entirely.
Carl noted that "What we need here at Intel is permission groups -- groups of keys that are allowed to see docs in a given project", and the group reaffirmed its consensus that group authorization is a must-solve problem for PKI.
Bob Morgan recently spent some time with Grid security architects; he gave a short description of the Grid security model. Grid security uses proxy certs: to delegate powers, a user generates a new key pair and uses his or her own key to sign a cert for the delegate. The current proxy certs grant all powers, but the Grid architects are working on adding restrictions. Bob noted that proxy certs have been accepted as a PKIX work item; the motivation is to provide functions like those of a Kerberos TGT. Bob noted that the Grid security model is all name-based; Carl expressed dismay at this, but Bob characterized it as "living with the current world". The Grid's Community Authorization Service will support per-project allocation of resources by issuing certs that have a project name rather than an individual's name in the Subject field. Bob suggested that Grid security is an area where the PKI Labs need to do some work, and there was general agreement.
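The delegation step Bob describes (the user generates a new key pair and signs a certificate for it with his or her own key) can be tried out with Go's standard x509 package. This is an added example written for these minutes, not code from the Grid project or the PKIX proxy-cert work; it assumes Ed25519 keys, uses a short lifetime as the only restriction on the proxy (the minutes say current proxies grant all powers), and marks the user's self-signed cert as a CA only because Go's chain builder will not otherwise accept it as a signer. The names "alice", "submit job 42" and the function names are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// NewUserCert makes a self-signed, long-lived identity cert for a user.
// Assumption: Go's verifier requires a signer to carry IsCA, so the user
// cert is flagged as one; a real Grid identity cert is issued by a CA.
func NewUserCert(name string) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             now.Add(-time.Minute),
		NotAfter:              now.Add(365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// Delegate generates a fresh key pair for the delegate and signs a proxy
// cert for it with the user's own key. The proxy carries the user's name
// plus a "/proxy" suffix; its only restriction is the lifetime ttl.
func Delegate(user *x509.Certificate, userKey ed25519.PrivateKey, ttl time.Duration) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(2),
		Subject:               pkix.Name{CommonName: user.Subject.CommonName + "/proxy"},
		NotBefore:             now.Add(-time.Minute),
		NotAfter:              now.Add(ttl),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  false,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, user, pub, userKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// VerifyDelegatedAction is what a resource would do: check at time `at`
// that the proxy chains to the user's cert and is still valid, then check
// that sig is the proxy key's signature over msg.
func VerifyDelegatedAction(proxy, user *x509.Certificate, msg, sig []byte, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(user)
	if _, err := proxy.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at}); err != nil {
		return fmt.Errorf("proxy chain: %w", err)
	}
	pub, ok := proxy.PublicKey.(ed25519.PublicKey)
	if !ok {
		return errors.New("proxy key is not ed25519")
	}
	if !ed25519.Verify(pub, msg, sig) {
		return errors.New("signature not made by the proxy key")
	}
	return nil
}

func main() {
	alice, aliceKey, err := NewUserCert("alice")
	if err != nil {
		panic(err)
	}
	proxy, proxyKey, err := Delegate(alice, aliceKey, time.Hour)
	if err != nil {
		panic(err)
	}
	msg := []byte("submit job 42") // constructed request
	sig := ed25519.Sign(proxyKey, msg)
	fmt.Println("now:      ", VerifyDelegatedAction(proxy, alice, msg, sig, time.Now()))
	fmt.Println("in 2h:    ", VerifyDelegatedAction(proxy, alice, msg, sig, time.Now().Add(2*time.Hour)))
}
```

The proxy key never leaves the delegate, and the user's long-lived key is used only once, to sign the proxy cert; revocation of a compromised proxy reduces to waiting out its lifetime, which is the TGT-like property the minutes mention.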
There were short reports from the Dartmouth and Wisconsin PKI Labs. Bob Brentrup referred the group to Sean's email of February 8, adding that a recent focus is "what has to happen in an emergency situation when you have to form a virtual team". Eric expressed interest in Dartmouth's work on virtual hierarchies; [AI] Bob Brentrup will put John Marchesini in touch with Eric. Dartmouth now has cross-certification set up with the FBCA, and is working to resolve RSA/Entrust compatibility issues. Papers for the PKI Research Workshop have been sent out for review. Eric reported from Wisconsin; their S/MIME pilot is "still plodding along". Eric also noted that he is "getting more and more enthralled with the idea that SDSI names did it right". He's working on a writeup; the central idea is that the ability to name groups of keyholders is really all you need to do authorization.
Finally the group discussed user-interface problems with web-of-trust products. Some of these products tend to give users a false sense of security. For example, Neal noted that when Evolution successfully verifies a signature, it displays a lock and a green checkmark even if the signature has not been certified by anyone on the user's keyring; it also fails to prompt the user to find out if the signer is known. Carl noted that his preferred web-of-trust interface relies on SDSI names; all keys are anonymous until Carl gives them names. Neal asked how then to decide if a key should get a name; Eric replied that "you can track that multiple messages are signed by the same person and let them build up a reputation". Carl strongly endorsed this approach, saying "that's how you get to know someone online". Carl also singled out Mailcrit as a non-misleading web-of-trust client; it sums up signature-checking results as good, failed, or good-from-untrusted-key. There was also a short discussion of the quantification-of-trust approach suggested by Audun Josang. Neal observed that Josang's system faces big acceptance hurdles because it requires signers to share opinions that they won't want to share. Rather than a simple, egalitarian "sign or don't sign" decision, it requires that people share two different fine-grained estimates: 1) how likely a key is to really be bound to another person, and 2) how reliable that person is in certifying other keys.
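The three verdicts Carl attributes to Mailcrit (good, failed, good-from-untrusted-key), the thumbprint-based naming from the S/MIME discussion earlier in the call, and Eric's idea of letting a key build up a reputation across messages can be put together in a few dozen lines. This is an added example written for these minutes, not code from Evolution, Mailcrit or any other client; it assumes Ed25519 signatures, a thumbprint defined as the SHA-256 of the raw public key (a constructed scheme, not a PGP fingerprint), and constructed names and message bodies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Verdict is the three-way summary a non-misleading client shows.
type Verdict int

const (
	Failed           Verdict = iota // signature does not verify
	GoodTrustedKey                  // verifies, and the key has a local name
	GoodUntrustedKey                // verifies, but nobody on the keyring vouches for the key
)

// SignedMessage is a constructed stand-in for a signed mail.
type SignedMessage struct {
	Body   []byte
	Signer ed25519.PublicKey
	Sig    []byte
}

func Sign(priv ed25519.PrivateKey, body []byte) SignedMessage {
	return SignedMessage{Body: body, Signer: priv.Public().(ed25519.PublicKey), Sig: ed25519.Sign(priv, body)}
}

// Thumbprint identifies a key without any name: SHA-256 over the raw key bytes.
func Thumbprint(pub ed25519.PublicKey) string {
	h := sha256.Sum256(pub)
	return hex.EncodeToString(h[:])
}

// Keyring follows the SDSI-style model: every key is anonymous until the
// user binds a local name to its thumbprint. It also counts verified
// messages per key so an unnamed key can accumulate a reputation.
type Keyring struct {
	names map[string]string // thumbprint -> local name
	seen  map[string]int    // thumbprint -> verified messages observed
}

func NewKeyring() *Keyring {
	return &Keyring{names: map[string]string{}, seen: map[string]int{}}
}

// Name binds a local name to a key the user has checked out of band.
func (k *Keyring) Name(pub ed25519.PublicKey, name string) { k.names[Thumbprint(pub)] = name }

// Check verifies the signature and classifies the result. Only messages
// that verify count toward the key's reputation; a failed check must not.
func (k *Keyring) Check(m SignedMessage) (Verdict, string) {
	if !ed25519.Verify(m.Signer, m.Body, m.Sig) {
		return Failed, ""
	}
	tp := Thumbprint(m.Signer)
	k.seen[tp]++
	if name, ok := k.names[tp]; ok {
		return GoodTrustedKey, name
	}
	return GoodUntrustedKey, ""
}

// Reputation reports how many verified messages this key has signed so far.
func (k *Keyring) Reputation(pub ed25519.PublicKey) int { return k.seen[Thumbprint(pub)] }

// Render contrasts the misleading display Neal reports (lock and check for
// any verifying signature) with a display that keeps the three verdicts apart.
func Render(v Verdict, name string) (misleading, honest string) {
	switch v {
	case Failed:
		return "[x] bad signature", "signature FAILED to verify"
	case GoodTrustedKey:
		return "[lock][check] signed", "good signature from " + name
	default:
		return "[lock][check] signed", "good signature, but from a key you have not named"
	}
}

func main() {
	kr := NewKeyring()
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	_, strangerPriv, _ := ed25519.GenerateKey(rand.Reader)
	kr.Name(alicePub, "alice")
	for _, m := range []SignedMessage{Sign(alicePriv, []byte("hi")), Sign(strangerPriv, []byte("hello"))} {
		v, name := kr.Check(m)
		mis, hon := Render(v, name)
		fmt.Printf("misleading: %-22s honest: %s\n", mis, hon)
	}
}
```

The point of the `Render` contrast is that the second message verifies just as well as the first; what differs is whether anyone on the keyring has named the key, and that is the distinction a client must surface rather than hide behind a green checkmark.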
The next PKI Labs call will take place at 4pm Eastern / 1pm Pacific / 2100 UTC on March 11, in accordance with the regular second-Monday call schedule.
*Action Items*
[AI] 11-February - Bob Morgan will suggest to HEPKI-TAG that it consider
including a web-of-trust component in its S/MIME project.
[AI] 11-February - Bob Brentrup will put John Marchesini in touch with Eric.
[AI] 14-January - Carl will forward the PKI Labs list his
suggestions to Sean for using authZ certs instead of name certs in
Yasir's project.
[AI] 14-January - Carl will send Sean an outline of what he's planning
to say in his decentralized-PKI talk.
[AI] 18-December-2001 - Bob Moskowitz and Carl will further discuss ways of
increasing the user-friendliness of using raw public keys to set up devices.
[AI] 20-November-2001 - Eric will forward Bob Juenemann's comments on why
PKI hasn't taken off yet.
[AI] 13-August - Bob Moskowitz will forward the list email on PKI work at
Fannie Mae.
[AI] 4-June - Bob Moskowitz will send the list information on Federal work
related to attribute certs.