Internet2 PKI Labs Conference Call, October 15, 2001

*PKI Labs Conference Call*
October 15, 2001

*Attendees*

Neal McBurnett (convener) - Internet2

Bob Brentrup - Dartmouth
Ed Feustel - Dartmouth
Sean Smith - Dartmouth

Eric Norman - Wisconsin

Peter Honeyman - Michigan
Michael Gettes - Georgetown
Ken Klingenstein - Colorado/Internet2
Carl Ellison - Intel
Vishwa Prasad - AT&T
Renee Frost - Michigan/Internet2
Ellen Vaughan - Internet2
Bob Morgan - Washington

Ben Chinowsky (scribe) - Internet2

*Discussion*

After correcting and approving the minutes of its last meeting, the group discussed issues raised by the imminent HEBCA deployment. Dartmouth is joining the HEBCA pilot; the idea is that Dartmouth will be able to put dual signatures on an electronic version of an NIH grant form, and NIH will be able to validate those signatures. Michael noted that NIH's Peter Alterman is on the FPKI steering committee and wants to demonstrate the NIH grant application working through the FBCA cross-certified with the HEBCA.

The HEBCA discussion led into a discussion of the relative merits of, and relationships between, the bridge and hierarchical models for PKI. Ed noted that bridges scale better, avoiding the n-squared-minus-one problem. Michael said that the bridge model is more survivable; he also noted that while hierarchies work well within a community such as a university or a government agency, bridges are necessary for interaction among already-established hierarchies. The major drawback of bridges is that they increase the complexity of policy issues. While common browsers are able to handle hierarchies, they are not yet able to handle bridges; however, bridges are one implementation of the PKIX standards, not a departure from them. It was noted that at a technical level the only differences between the bridge and hierarchical models are in path building and path validation.

The group discussed naming and authorization issues with bridges. Carl raised the issue of namespace collisions, and Michael agreed that universities that have not planned for globally unique names may need to reissue certs to get the HEBCA to work. HEPKI-TAG continues to advocate dc naming as a way of globally uniqueifying local names, thereby making universities' entry into the PKI world much less painful. Carl noted that even where, as at Intel, everyone has a long DN, Outlook only shows the common name, and users make security decisions based on the common name alone. This causes problems, as groups larger than about a thousand people start having common-name collisions. Carl suspects that Microsoft made a deliberate decision to show only the common name; he observed that users rarely make use of the tools available for finding DNs, and suggested that Microsoft is adapting to this hard-to-change characteristic of the human user. Bob Morgan noted that the problem of common-name collisions is not PKI-specific; he's working on the same problem with authZ software at UW. Neal asked how, in the HEBCA pilot, NIH will know that the person signing the grant is, e.g., Bob Morgan the IT architect and not some other Bob Morgan; Bob Brentrup answered that the second signature will certify the approval of the school submitting the grant. This principle can be extended as many levels deep as you want; Eric added that the goal is to ensure that a conspiracy is required to make something bad happen. Carl pointed out that the information that's really needed is not the signer's name but whether or not the signer has authorization to make a particular representation; there was general agreement. This can be done either via authorization certs or via a directory or database infrastructure that can answer the question, "Can this cert do that?" Carl advocates using two certs: one to bind the attributes to the identifier, the other to bind the identifier to the key.

HEPKI is continuing to work on PKI Lite; the group discussed this work with a primary focus on the question, "Is PKI Lite a dead end?" At MIT, which serves as a model for PKI Lite, there is no revocation, just a one-year cert lifetime and annual reissuance; revocation is done by "zeroing out authorizations". MIT has convinced five external business partners to accept its certs without any possibility of restitution if they suffer monetary losses, thus avoiding a huge tangle of legal issues. There is some skepticism about whether this approach can be generalized; Ken asked if anyone had any stories that would inspire optimism in this respect. Carl outlined two different concepts of the purpose of PKI: 1) the legally troublesome one, which is "tied up with this idea of being made whole", the idea being that the PKI is there to authenticate someone so that you can "go after them with lawyers" if something bad happens, and 2) the approach taken by Intel: the PKI guards secrets, and transactions so large that lawyers couldn't make Intel whole anyway; Intel therefore empowers keys to perform actions, but is not at all concerned with nonrepudiation. Carl observed that PKI Lite's approach is like Intel's. Carl also noted that Intel's bilateral contracts with its business partners contain "no CPS talk". For example, if an Intel purchasing agent is sloppy about guarding his or her private key, that's an Intel internal matter, not an issue between Intel and its business partners -- Intel has committed to pay for anything bought with that key. Bob Morgan noted that multilateral agreements like Club Shib could take the place of bilateral agreements like Intel's.

Ken noted that there has been little PKI news from the medical world lately; Carl noted that Intel has sold its medical certs business. Wisconsin is continuing its work with its medical center.

Neal asked that anyone with a "send document X to person Y" action item also send document X to the PKI Labs list. The group reviewed three action items:

[10-September-2001 - Ed will forward to the PKI Labs list information he sent HEPKI-TAG on the UT-Houston certs deployment.]
Done.

[10-September-2001 - Eric will a) investigate and document a problem that Ed has encountered with using PKIUser objects to get certs from LDAP directories (what the user sees in the retrieved cert is only a fingerprint, not cert details), and b) send the list information on his experience with cert retrieval using Internet Explorer.]
Still to do.

[10-September-2001 - Peter will send the list references to his work on Kerberos/PKI integration.]
Still to do. Ken noted that there may be NMI resources for a shrinkwrapped version of Michigan's KX.509 work; Renee is pursuing this with Bill Doster.

Ken gave a short NMI update, emphasizing a focus on video work. Carl asked if there is any way to create ad hoc secure video connections without a PKI at both ends; he is interested in doing video security via cert fingerprints exchanged in email. Ken replied that the group is pursuing a more Shibboleth-like model, based on institutional rather than individual certs, and noted that "the long-term business model is identity service providers that you authenticate to." Ken also observed that, judging from the VIMM, it seems like the videoconferencing systems most Internet2 participants have access to are adequate -- it's "better plumbing" that's required. NMI is at http://www.nsf-middleware.org; also see http://middleware.internet2.edu/video/.

Finally, there was a short discussion of the current fear that Osama bin Laden is using steganograpy in his videotaped messages. [AI] Carl will send the list a URL for an article from the German press pointing out that "all these worries about steganography and encrypted email are coming from the press, not the FBI."

The next PKI Labs call will be on Tuesday, November 20, at 3pm EST (2000 UTC).

*Action Items*

[AI] 15-October-2001 - Carl will send the list a URL for an article from the German press pointing out that current fears about steganography and encrypted email are coming from the press, not the FBI.
[AI] 10-September-2001 - Eric will a) investigate and document a problem that Ed has encountered with using PKIUser objects to get certs from LDAP directories (what the user sees in the retrieved cert is only a fingerprint, not cert details), and b) send the list information on his experience with cert retrieval using Internet Explorer.
[AI] 10-September-2001 - Peter will send the list references to his work on Kerberos/PKI integration.
[AI] 10-September-2001 - Eric will work on making his demo cert-issuing site more widely available.
[AI] 13-August - Eric will put Carl in touch with someone he knows who's working on an access control project for the Swedish Army.
[AI] 13-August - Carl will send the list information on a new cert generator project.
[AI] 13-August - Bob Moskowitz will forward the list email on PKI work at Fannie Mae.
[AI] 13-August - All will send Ken any information they have on organizations that might be interested in participating in the PKI Research Conference.
[AI] 4-June - Bob Moskowitz will send the list information on Federal work related to attribute certs.