*PKI Labs Conference Call*
March 11, 2002

*Attendees*

Neal McBurnett (convener) - Internet2

Bob Brentrup - Dartmouth
Sean Smith - Dartmouth

Eric Norman - Wisconsin

Bob Morgan - Washington
Renee Frost - Michigan/Internet2
Olga Kornievskaia - Michigan
Cliff Neuman - ISI
Carl Ellison - Intel

Ben Chinowsky (scribe) - Internet2

*Discussion*

The minutes of the previous meeting were approved without changes.

Bob Morgan opened the discussion with an update on RSA's assertion of patent rights in the OASIS SAML working group. Bob noted that the patents involved (6085320 and 6189098, the latter a "continuation" of the former) appear to be of very broad scope; he described them as covering "a user authenticating to an authority that hands them a signed object attesting to that authentication." UW has lawyers looking at these patents. Bob also noted that "the statement from RSA folks to the SAML group was that a royalty-free license to this patent for implementing SAML would be made available by RSA as long as all other holders of patents covering SAML-standardized technology did the same." For more information see http://lists.oasis-open.org/archives/security-services/200203/msg00137.html.

The Wisconsin S/MIME medical records project, while still limited to only a handful of users, is using S/MIME to pass patient records among clinics in different towns. HIPAA-conscious higher-ups at the Wisconsin medical school are telling clinicians that they have to secure email or stop using it. The project had to abandon the Eudora Tumbleweed plugin because it's not available for the Mac; they're switching everyone to Messenger. Eric continues to work on his SPKI paper, and asked the group for further comments on the outline he sent to the list March 4.

Sean Smith sent the list a detailed Dartmouth update. Bob Brentrup noted that in Dartmouth's signed-files-changing-without-appearing-to research, the Acrobat "invisible signature" field seems hardest to break so far. In response to a question from Neal, Sean acknowledged that deceptive use of fonts might be a way to attack PDF files, but all the attacks tried so far show up in the record of changes to the document. More on this work is at http://www.cs.dartmouth.edu/~pkilab/demos/workflow/. Dartmouth SSH work is also proceeding; they have made two hires, and have started design work on how to make use of secure coprocessors. Bob has been looking at an assortment of S/MIME clients and how they interact with various PKIs.

At ISI, Cliff is mostly working on policy issues, looking at "some of the temporal aspects of policies when you start having conditioned evaluations". This is an outgrowth of GAAAPI work; the idea is to find a way for a forbidden connection through a firewall to trigger an upgraded threat condition, and apply policies accordingly -- like the blue lights that go off when an unsecured individual enters a secured area. At Michigan, Olga is writing up her thesis proposal on Kerberos for the Grid.

There was a short discussion of the possible implications for PKI of D. J. Bernstein's recent theoretical work on factoring methods. Bernstein's work shows that for arbitrarily large keys (as N approaches infinity), and using a correspondingly large amount of idealized parallel hardware, an important part of the factoring task can be accomplished much more quickly. A key of size 3N could be processed in the time that previous methods require for a key of size N. Bernstein is looking for a grant to explore whether, for normal-sized keys, these techniques would be practical and faster than previous methods. Neal noted that many think they wouldn't be, while others (not Bernstein himself) have already raised alarms. See:
- worried: http://www.inet-one.com/cypherpunks/dir.2002.03.18-2002.03.24/msg00560.html
- not very worried: http://www.inet-one.com/cypherpunks/dir.2002.03.18-2002.03.24/msg00583.html and http://www.counterpane.com/crypto-gram-0203.html#6

Finally, the group touched on XKMS-related issues to be discussed at the fast-approaching NIH/NIST/Internet2 1st Annual PKI Research Workshop (http://www.cs.dartmouth.edu/~pki02/). The meeting will be preceded by a W3C XKMS working group meeting and will include a panel on XKMS. Carl encouraged Sean to find someone to argue against XKMS on performance grounds. Carl also noted that another big concern with XKMS is that vendors could "use it as a tollbooth", as Carl believes has happened with SSL; there was general agreement that it would be good to have someone address this objection. Neal noted that with XKMS, as with HEPKI's PKI Lite, making PKI easier to use also makes it more open to attack. Another commonality with PKI Lite is the concern that tradeoffs made now will create bigger problems in the future.

The next PKI Labs call will take place at 4pm Eastern / 1pm Pacific / 2000 UTC on April 8, in accordance with the regular second-Monday call schedule.

*Action Items*

[AI] 11-February - Bob Morgan will suggest to HEPKI-TAG that it consider including a web-of-trust component in its S/MIME project.
[AI] 11-February - Bob Brentrup will put John Marchesini in touch with Eric to discuss virtual hierarchies.
[AI] 18-December - Bob Moskowitz and Carl will further discuss ways of increasing the user-friendliness of using raw public keys to set up devices.
[AI] 20-November - Eric will forward Bob Juenemann's comments on why PKI hasn't taken off yet.
[AI] 13-August - Bob Moskowitz will forward the list email on PKI work at Fannie Mae.
[AI] 4-June - Bob Moskowitz will send the list information on Federal work related to attribute certs.