PKI Labs Conference Call, September 16, 2002

*PKI Labs Conference Call*
September 16, 2002

*Attendees*

Neal McBurnett (convener) - Internet2

Sean Smith - Dartmouth
Bob Brentrup - Dartmouth

Eric Norman - Wisconsin

Peter Honeyman - Michigan
Olga Kornievskaia - Michigan
Bob Morgan - Washington
Carl Ellison - Intel
Cliff Neuman - USC ISI
Lisa Hogeboom - Internet2

Ben Chinowsky (scribe) - Internet2

*Discussion*

The minutes of the previous meeting were approved without changes. MACE chair Bob Morgan led a discussion of the current profusion of XML-based security specifications: SAML, XrML, XACML, XKMS, XML Encryption, XML Signature, WSS, and more. Bob observed that "the scary thing about XML overall" is the variety of standards all claiming to be indispensable. Work on XML signatures has enabled many other projects (including SAML), resulting in great complexity: layering multi-optioned protocols creates billions of combinations, only a few of which are likely to work at all. Bob noted that in creating SAML, setting up all the X.509 configuration underneath was a huge hassle, and took most of the group's time. While there are some who might like to see X.509 replaced by XML, that's not looking likely. SAML assertions combine a signer, a policy evaluation, and X.509-like components.

Carl noted that SAML had left out the primary mechanism of uPnP: an authZ cert going from someone with the power to delegate some particular thing to someone delegated to do it. Bob has seen claims that XrML does include this, and suggested that it might also be possible to use XACML. Eric noted work underway on enabling ASN.1 to be used on the wire but expanded to XML for when you care about, e.g., textual processes; Bob noted that he sees less concern with what's on the wire than with how people like to specify their data structures, which is increasingly in XML. A big concern here is the XML schema language, which is "widely despised"; people are working on alternatives to it, but multiple schema languages lead again to hideous complexity. Bob also noted the emergence of WSS, a new OASIS group based on work by Microsoft and VeriSign. WSS bases everything on XML and SOAP, and has been the subject of much discussion in IETF lately. Carl stressed the importance of resisting pressure to move uPnP to WSS, which would amount to having stuff that's already shipping depend on stuff that hasn't even been defined yet.

Finally, Bob discussed the September 9 NMI & Digital Rights Management Workshop (www.ait.utk.edu/drmworkshop/) chaired by Mairead Martin, who also chairs VidMid-VoD. The workshop was a gathering of people from higher education who are involved in DRM. Many of the concerns raised were more national-level policy concerns than technical concerns. A DRM working group is forming; one of its tasks will be to figure out where the technical issues are -- e.g. if a certain standard is only useful for saying "you can only play this Britney Spears song three times", rather than for expressing what universities want to express, we should avoid using that standard.

Noting that "there are quite a few interpretations of the One True PKI Vision", Sean mentioned that he had recently run into a neglected one. This interpretation says that because we have to be sure we can trust the CA to do the right thing with its private key, we have to keep the CA completely isolated from customers; therefore we have to put the RAs close to the customers, subjecting the RAs to an assortment of "nefarious influences". Deciding which RAs to trust then turns into "a huge can of worms". Neal suggested that, as CA vendors currently promise nothing, it would be nice to at least be able to trust them not to have conflicts of interest. Eric observed that there's a sense in which trust is inversely proportional to closeness, and Carl noted that the view Sean describes makes sense as a justification for having an isolated cert factory, so you'd expect it to come from people who run such factories. Bob Brentrup observed that in the academic world there are some people who do it this way just for the convenience of outsourcing -- not the CA outsourcing the RA, but vice versa. Alabama, for example, puts the RA on campus and communicates the information it gathers to a CA run by DST.

Eric reported that the Wisconsin S/MIME pilot has now lasted long enough that certs have started to expire. People are finding out that reissuing a cert changes its serial number, which various software uses to identify the cert. Users, thinking that if they kept the same keys they would retain the same functionality, have in many cases deleted the old certs. Neal observed that it seems that you need to hold on to old certs in order to retain validity period info. Carl noted Ross Anderson's work on this problem with using certs for medical records. Neal mentioned another case in which the period of time for which the cert is required is longer than its likely validity period: copyrights that last for the life of author plus several decades.

A detailed Dartmouth update is at www.cs.dartmouth.edu/~pkilab/research/. Lexign has purchased Elock, which had been considered best-of-breed for doing PKI with MS Office until Sean and his students showed the many holes in it. Lexign ProSigner is a repacked Elock and has all the same problems. Sean made some observations about some of the platforms Dartmouth is looking at: SE Linux, from NSA, is geared to Multi Level Security (MLS) and is very hard to configure; HP Linux is geared to compartmentalization; OpenBSD is moving toward MLS but not claiming to provide high security. Sean observed that a lot of this stuff seems geared to "what was necessary 20 years ago to keep military secrets safe in a standalone computer", and suggested that formalizing this observation would make a good paper.

The group discussed the draft Call For Proposals for the 2nd Annual PKI Research Workshop. Neal noted that the planners will work with the PKI Forum to get better publicity this year. Sean reported that Ravi Sandhu has lined up another special journal issue. Sean suggested that all who attended the first workshop be notified of the availability of the electronic and (soon) printed final proceedings of the first workshop. It was agreed that for the second workshop, as for the first, both paper and electronic versions of the proceedings and preproceedings will be produced. It appears that, for now at least, printed proceedings still carry more prestige, though Peter suggested that this is likely to change over the next five years or so as archives move to the Web. It was agreed not to solicit position papers this time around.

The next call will be October 7 at 4 PM EDT, a week earlier than regularly scheduled.