*Internet2 PKI Labs Conference Call*
January 16, 2001
*Attendees*
Neal McBurnett (convener) - Avaya
Bob Brentrup - Dartmouth
Punch Taylor - Dartmouth
Larry Levine - Dartmouth
Ed Feustel - Dartmouth
Sean Smith - Dartmouth
Jim Matthews - Dartmouth
Keith Hazelton - Wisconsin
Juanita Hung - Wisconsin
Eric Norman - Wisconsin
Carl Ellison - Intel
Bob Moskowitz - ICSA
Vishwa Prasad - AT&T
Bob Morgan - Washington
Stephen Farrell - Baltimore
Jeff Schiller - MIT/CREN
Olga Kornievskaia - Michigan
Steve Bellovin - AT&T
Ken Klingenstein - Colorado/Internet2
Ben Chinowsky (scribe) - Internet2
*Discussion*
The discussion opened with a review of some of the previous call's action items.
[1. Rich will notify the PKI Labs list when the DoJ releases its
digital-signatures guidelines.]
[AI] Ken will look for a URL for the newly-released DoJ digital-signatures
guidelines.
[2. Ken will recruit volunteers from the PKI Labs to plan a broad,
single-tracked PKI Labs research workshop.]
[AI] Ken will send out a rough agenda for the PKI Labs research workshop.
Ken's suggestion that attribute certs be one of the workshop's areas of
focus was greeted with a chorus of agreement.
[3. Bob Brentrup will provide some information on the protocol Dartmouth has
been using to share information with other schools.]
See http://www.dartmouth.edu/pages/softdev/WebAppAuthenticate.html,
http://www.dartmouth.edu/pages/softdev/IDAP.html, and
http://www.dartmouth.edu/pages/softdev/modsidecar.html.
[4. Neal will arrange a PKI Labs get-together at the upcoming IETF meeting.]
Done.
[5. Steve Bellovin will write up a summary of the NymIP meeting, aiming for the
week after IETF.]
Certs will be involved in this effort, but the
meeting was too unfocused to be worth worth writing up. [AI] Steve will keep
tracking NymIP, and forward anything that seems relevant.
[6. Keith will download the Linux CDSA software.]
Both Wisconsin and Dartmouth have acquired the CDSA software. Carl
encouraged participants to send him comments and questions -- "not that I'm
the support person."
Ken asked the group for their thoughts on changes in the overall status of PKI in 2000. Eric observed that PKI has become more visible, and is therefore encountering more difficulties. Neal noted that the emergence of DSNIFF makes it much easier to launch man-in-the-middle attacks on SSL and SSH; see http://www.counterpane.com (Eric: "anyone interested in crypto should subscribe to Counterpane"), http://www.securityportal.com/cover/coverstory20001218.html, http://www.securityportal.com/seifried/sslssh-followup20001222.html, and http://sysadmin.oreilly.com/news/silverman_1200.html. Carl noted that the term "PKI" appears to be taking on increasingly negative connotations; his group at Intel is "groping for a better label", and "strong access control" is the leading contender. Carl also noted that while the idea of strong access control is unpalatable to many left-leaning members of the computing community, he has been working with human rights activists who want to use it to protect their Central American informants from reprisals -- lack of access control can cut both ways. Control of users by PKI vendors is also a big issue.
There was a long discussion of uses for ID certs and assorted pseudonymous alternatives to them. HEPKI-TAG is working on an ID-cert profile; so far, acquiring Grid certs is the sole guiding application for this, and Ken asked the group for others. Condor-related apps, some of the apps described on the Dartmouth PKI Labs site, and medical apps were suggested. Ken also noted that he's seen no instances of ID certs being used in the commercial sector, and asked for pointers to any such instances. A big question is whether users will need to have multiple ID certs, and if so, where the ID crosswalk should happen. Carl recounted that he had just visited a 35-person company where the primary identifier is first name, and that's what goes in their certs -- what to do about that? Neal observed that many people see identifier certs as primarily useful in small domains; for larger ones, authorization and groups are seen as more important. Shibboleth aims to do identity resolution by using the pseudonym-issuer combination to provide a place to go to get more information; Keith suggested using multiple pseudonyms so they can't be tracked. Neal noted that for some purposes it will be necessary to ensure that users of pseudonymous certs are still subpoena-able; attribute mapping and a second "if you want to sue someone" cert were suggested as approaches to this problem. Part of the reason credit cards are so secure is that they use a two-path protocol -- first you submit the number, then you check the charge on your statement. How to incorporate a two-path protocol into PKI?
There was broad, but not complete, agreement that starting with a pseudonym and providing a path to more information is more attractive than using a pure ID cert; against this it was argued that it's hard to beat the efficiency of using a single ID cert. Ken summed up the main issues as being 1) how and where to correlate identifiers that are unique within, but not across, different domains, and 2) how a trust-brokering site is to know whether or not to pass a named cert.
Carl made some suggestions about the specific problem of how to ensure that a patient can verify that they are really exchanging email with their doctor and not an impostor, even when the doctor is just whoever happens to be on call. [AI] Keith will write up Carl's doctor-patient communication suggestions and try to work them into Wisconsin's medical work. It was noted that, as an aspect of non-repudiation, this issue "seems legally heavy already"; it was also noted that "having the lawyers in early is better than having them in late".
Ken recalled a comment of Carl's to the effect that many users are unwilling to perform even one extra mouse-click for the sake of security; this provoked a general discussion of usability and user-education issues. There was general agreement that these issues need more attention than they have so far received, and some interest in them as topics for the projected PKI Labs workshop. Brands, the IKE (Internet Key Exchange, part of IPsec) group, and an advanced-user-interface group at Philips have all produced relevant work on the idea of progressive disclosure. Keith noted Bob Blakley's concern that negotiation protocols lead to enormous complexity very quickly; there was general agreement. Juanita reported on the results of ten interviews she conducted with a variety of medical people. Her informants discussed their usability, liability, and technical concerns; their willingness to deal with security ranges from a single mouse-click to willingness to subject themselves to extensive training. Complete results of this work will appear on the Wisconsin PKI Labs site.
Finally there was a short discussion of access control languages. Eric noted that while the focus here has been on controlling access to things on the server, the same process can be used for the user to specify who has access to their personal info on the client side. A language that can be used to specify access control policy at both ends will need to be able to specify negotiation. Keith has run across the term Agent Communication Languages (note the heavily overloaded acronym) and would particularly welcome pointers to related work. He noted that in this area "specific is easy and general is hard"; specifying scenarios is key. Sean observed that no matter what you do, pages you visit are stored in your web cache, and there's HTML code that can find that information; how to deal with this is an important research topic. [AI] Bob Moskowitz will send out pointers to his IETF work on the Host Identifier Payload.
Neal encouraged everyone to send other interesting URLs to Ben as "grist for the minutes". The next call will be on Monday, Feb. 12, from 10:00am to 11:30am EST.
*Action Items*
[AI] Ken will look for a URL for the newly-released DoJ digital-signatures
guidelines.
[AI] Ken will send out a rough agenda for the PKI Labs research workshop.
[AI] Steve will keep tracking NymIP, and forward anything that seems
relevant.
[AI] Keith will write up Carl's doctor-patient communication suggestions and
try to work them into Wisconsin's medical work.
[AI] Bob Moskowitz will send out pointers to his IETF work on the Host
Identifier Payload.