*Internet2 PKI Labs Conference Call*
April 2, 2001
*Attendees*
Neal McBurnett (convener) - Avaya
Ed Feustel - Dartmouth
Sean Smith - Dartmouth
Bob Brentrup - Dartmouth
Eric Norman - Wisconsin
Eric Bach - Wisconsin
Steve Bellovin - AT&T
Carl Ellison - Intel
Jeff Schiller - MIT
Ken Klingenstein - Colorado/Internet2
Renee Frost - Michigan/Internet2
Ellen Vaughan - Internet2
Ben Chinowsky (scribe) - Internet2
*Discussion*
After the group approved the minutes of the previous meeting, Ken gave a short FPKI update. Peter Alterman and Tim Polk gave an update at the Internet2 Member Meeting (see http://www.internet2.edu/activities/html/spring01-presentations.html). The GAO report appears to be irrelevant; no one agrees with the GAO's single-authority recommendation. Ken is talking to the Feds about middleware in general (in the context of the LSN initiative) next week. There seems to be "a blip" between the Federal and commercial versions of the Mitretek bridge software; a meeting to work out these issues is set for April 25. [AI] Ken will ask the Feds for guidance for campuses that want to get started on working with the FBCA.
The draft generic HEPKI CP is done; it came out big and complicated. Jeff remarked that "I can be snide and say it basically required we follow nuclear lab security", and cited separation of duties, physical space control, and the physical presence of applicants as particularly expensive for universities to implement. Jeff argued that for now HEPKI should try to implement something simpler, with a single level of security. There was general agreement with Jeff's assertion that "PKI is not the secret sauce", but rather another way to do things we already do. Ken pointed out that one answer to the question "Why hasn't the infection from MIT spread further?" is that with MIT in the Subject name, no CP/CPS is needed; he suggested coming up with an inter-institutional case where a CP/CPS is not needed. Eric Norman has suggested that the single level of assurance should be like a campus ID card; Ken argued that we should aim higher than the "degenerate case" involved in Shibboleth (no persistence from session to session), but not so high as full PKI. "Right now we're pushing a rope -- as this conversation illustrates, we don't have a driving application." [AI] Jeff will write up the applications MIT has tried for its certs.
There was a discussion of the recent news of VeriSign issuing a bogus Microsoft cert. While there was general agreement that this episode underscores the need for CRL checking, there was no agreement on the details of how CRLs should work. Carl commented that "I'm not sure that nonrepudiation can ever happen"; Ed observed that while, from a legal standpoint, making nonrepudiation happen is a matter of setting up an appropriate definition, the problem is that "just as with real signatures there's lots of stuff you have to collect." With wet signatures, a notary serves as a witness; timestamps can perform part of this function for digital signatures, but are no substitute for physical presence. Ed stressed the importance of better understanding digital signatures, so we can decide what changes need to be made to the law of liability; Carl replied "I'd be very worried if you did that ... I guarantee we will not be able to bind a private key to a human being." Carl argued for using a credit-card-like two-channel, two-pass process, and acknowledged that, as with credit cards, this would mean that some fraud would take place; Sean gave the example of betting both ways on something and then later repudiating the losing bet. There was general agreement that each application or application group will need its own way of doing things; in some cases physical presence will be required. Carl pointed out that what makes existing systems work is that someone is willing to take risks and absorb losses. [AI] Jeff will send the list Dan Geer's piece on risk management vs. trust management.
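The CRL check whose necessity the VeriSign episode underscores, as an added example in Go that is not from the minutes or any participant: BuildFixture constructs a hypothetical lab CA, a signing cert with serial 42 and a CA-signed CRL revoking it (all names and serials are made up), and IsRevoked shows that chain validation alone still accepts the cert while a CRL check, done only after verifying the CRL's own signature and freshness, rejects it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// BuildFixture is a constructed scenario: a lab CA issues serial 42, then publishes a CRL revoking it.
func BuildFixture() (ca, leaf *x509.Certificate, crlDER []byte, err error) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Lab CA"},
		NotBefore: now, NotAfter: now.Add(time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil { return }
	ca, _ = x509.ParseCertificate(caDER) // parsed copy carries the auto-generated SubjectKeyId the CRL needs
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(42), Subject: pkix.Name{CommonName: "Example Signer"},
		NotBefore: now, NotAfter: now.Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil { return }
	leaf, _ = x509.ParseCertificate(leafDER)
	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(42), RevocationTime: now}}}
	crlDER, err = x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey)
	return
}
// IsRevoked: trust the CRL only if the issuer signed it and it is not stale, then look up the serial.
func IsRevoked(cert, issuer *x509.Certificate, crlDER []byte, at time.Time) (bool, error) {
	rl, err := x509.ParseRevocationList(crlDER)
	if err != nil { return false, err }
	if err := rl.CheckSignatureFrom(issuer); err != nil { return false, fmt.Errorf("CRL not from issuer: %w", err) }
	if at.After(rl.NextUpdate) { return false, fmt.Errorf("CRL stale since %s; refuse to decide", rl.NextUpdate) }
	for _, e := range rl.RevokedCertificates { // CRL entries carry only serial numbers, so compare serials
		if e.SerialNumber.Cmp(cert.SerialNumber) == 0 { return true, nil }
	}
	return false, nil
}
func main() {
	ca, leaf, crl, _ := BuildFixture()
	fmt.Println("chains to CA:", leaf.CheckSignatureFrom(ca) == nil) // signature alone says OK
	fmt.Println(IsRevoked(leaf, ca, crl, time.Now()))                // true <nil>: the CRL says otherwise
}
```

A relying party that only validates the chain would accept the serial-42 cert; the stale-CRL branch fails closed because an out-of-date list says nothing about revocations published since.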
Ed and Sean gave a short Dartmouth update; they have students working on secure archiving, fixing the browser-server paradigm, and finding out the extent to which existing browsers "can be made to do something useful for the user". Ed has also been working with CDSA, but is encountering serious usability problems; watch the Dartmouth site for details. Wisconsin and Dartmouth have been discussing a joint NSF proposal.
Finally the group discussed topics to address in future meetings. There was much interest in authorization; Ed identified the key issues as being a) what kinds of attributes to have and b) how to deal with domains having different notions of policy and different ideas of what names mean. Eric Norman pointed out that we need to know more about the structure of privilege and authorization; all policies seem to have common concepts, and we need to find out what those concepts are. Other issues include inter-vendor interoperability (possibly using CDSA) and the relevance of the PGP model.
*Action Items*
[AI] Ken will ask the Feds for guidance for campuses that want to get started on working with the FBCA.
[AI] Jeff will write up the applications MIT has tried for its certs.
[AI] Jeff will send the list Dan Geer's piece on risk management vs. trust management.