*PKI Labs Conference Call*
January 14, 2002
*Attendees*
Neal McBurnett (convener) - Internet2
Sean Smith - Dartmouth
Bob Brentrup - Dartmouth
Keith Hazelton - Wisconsin
Eric Norman - Wisconsin
Cliff Neuman - ISI
Bob Morgan - Washington
Carl Ellison - Intel
Peter Honeyman - Michigan
Renee Frost - Michigan/Internet2
Ellen Vaughan - Internet2
Ben Chinowsky (scribe) - Internet2
*Discussion*
The minutes of the previous meeting were approved without changes. Eric provided references to Audun Josang's work on quantification of trust: see http://security.dstc.edu.au/staff/ajosang/papers.html, especially http://security.dstc.edu.au/staff/ajosang/papers/algcert.pdf.
The group reviewed some of its outstanding action items:
[18-December-2001 - Bob Moskowitz and Carl will further discuss ways of
increasing the user-friendliness of using raw public keys to set up
devices.]
Still to do. Carl noted that he's helping a colleague at Intel prepare a
paper on this topic for the PKI Research Workshop.
[18-December-2001 - Carl will send Sean a suggestion for using authZ
certs instead of name certs in Yasir's project, and cc the PKI Labs list.]
Partly done; replace with [AI] Carl will forward the PKI Labs list his
suggestions to Sean for using authZ certs instead of name certs in
Yasir's project. Sean described his exchange with Carl as centering on the
differences between what's appropriate for a smaller, Dartmouth-like
namespace (linking the PKI to the namespace) and what's appropriate for
a larger, Intel-like namespace (Carl's "direct I-name-the-public-key
approach").
[18-December-2001 - Sean will set up a submissions page for the PKI
Research Workshop, using passwords for security at first.]
Done.
[20-November-2001 - All will a) disseminate the PKI Research Workshop
CFP far and wide, and b) personally contact people who are likely to be
interested in participating in the Workshop.]
Done.
At Wisconsin, Eric is readying a paper on simpler SPKI; he's trying to do what Rivest and Lampson did in SDSI 1.0, but in a less ad-hoc way. Progress with S/MIME continues to be slow. Wisconsin is working with Mitretek to get cross-certified with the FBCA. Eric noted that just installing the software needed to participate in the S/MIME pilot takes around fifteen hours.
The Dartmouth Lab is close to releasing demos of E-Lock and a spoof-proof browser. The security problem Ramia found with signed Word documents is looking like it will take significant effort to fix. Sean has hired a programmer to work on Yasir's WebALPS demo.
Finally, Sean updated the group on planning for the PKI Research Workshop. Submissions are starting to come in; the submission deadline is January 28. Rich Guida and Carl have committed to speaking on classic PKI vs. decentralized PKI; [AI] Carl will send Sean an outline of what he's planning to say in his decentralized-PKI talk.
Per the newly established regular conference call schedule (4pm EST / 2100 UTC on the second Monday of each month), the next PKI Labs call will begin at 4pm EST on Monday, February 11.
*Action Items*
[AI] 14-January - Carl will forward the PKI Labs list his
suggestions to Sean for using authZ certs instead of name certs in
Yasir's project.
[AI] 14-January - Carl will send Sean an outline of what he's planning
to say in his decentralized-PKI talk.
[AI] 18-December - Bob Moskowitz and Carl will further discuss ways of
increasing the user-friendliness of using raw public keys to set up devices.
[AI] 20-November - Eric will forward Bob Juenemann's comments on why
PKI hasn't taken off yet.
[AI] 10-September - Eric will a) investigate and document a problem
that Ed has encountered with using PKIUser objects to get certs from LDAP
directories (what the user sees in the retrieved cert is only a fingerprint,
not cert details), and b) send the list information on his experience with
cert retrieval using Internet Explorer.
[AI] 13-August - Bob Moskowitz will forward the list email on PKI work at
Fannie Mae.
[AI] 4-June - Bob Moskowitz will send the list information on Federal work
related to attribute certs.