Internet2 PKI Labs Conference Call, November 28, 2000

*Internet2 PKI Labs Conference Call*
November 28, 2000

*Attendees*

Ken Klingenstein (co-convener) - Colorado/Internet2
Neal McBurnett (co-convener) - Avaya

Bob Brentrup - Dartmouth
Punch Taylor - Dartmouth
Larry Levine - Dartmouth
Ed Feustel - Dartmouth
Sean Smith - Dartmouth

Keith Hazelton - Wisconsin
Eric Norman - Wisconsin
Scott Fullerton - Wisconsin
Larry Landweber - Wisconsin

Vishwa Prasad - AT&T
Rich Guida - FPKI TWG
Cliff Neuman - USC/ISI
Bob Moskowitz - ICSA
Jeff Schiller - MIT/CREN
Carl Ellison - Intel
Peter Honeyman - Michigan
Steve Bellovin - AT&T

Ben Chinowsky (scribe) - Internet2
...and a few others...

*Discussion*

Neal noted that he is planning to post minutes of the PKI Labs meetings; corrections and other feedback on the minutes should go to him.

Rich noted that the Department of Justice is putting together guidelines for digital signatures in criminal and civil proceedings, and suggested that the PKI Labs hold off on pursuing legal issues until after this comes out. [AI] Rich will notify the PKI Labs list when the DoJ releases its digital-signatures guidelines.

The group discussed two ideas for PKI workshops: a best-practices-gathering workshop modeled on Early Harvest (see http://middleware.internet2.edu/earlyharvest/) and a broader PKI research workshop. It was agreed that the latter approach is more suited to the current early stage of development of PKI; [AI] Ken will recruit volunteers from the PKI Labs to plan a broad, single-tracked PKI Labs research workshop.

Ken presented a short overview of the Shibboleth project. Shibboleth aims to enable inter-domain Web access by using each domain's local authentication scheme and exchanging tokens with different sites for authentication and authorization; the central idea is that by mediating with an internal security domain, you can achieve a measure of privacy. The project's biggest question is whether it will be possible to provide inter-realm authentication with existing browsers. The earliest projected applications are digital library access and sharing web sites for courseware. Two consortia working on similar problems (http://www.AuthXML.org, led by Securant, and http://www.S2ML.org, led by Netegrity) have emerged in the last week. Shibboleth aims to have test code by March and Apache code by summer. [AI] Bob Brentrup will provide some information on the protocol Dartmouth has been using to share information with other schools.

Ken and Neal requested that the corporate PKI Labs participants send them mail on what's being done in the corporate sector with dc naming and more generally with the problem of how to find directories. [AI] Neal will arrange a PKI Labs get-together at the upcoming IETF meeting. The Sunday before IETF there will be the initial gathering of the NymIP research group, with participation by John Bashinski of Zero-Knowledge Systems, Scott Bradner of Harvard, Steve Bellovin, and a number of other well known researchers and practitioners. See http://nymip.sourceforge.net. [AI] Steve Bellovin will write up a summary of the NymIP meeting, aiming for the week after IETF. [AI] Ken will ping Steve about the NymIP meeting.

There was a wide-ranging discussion of work on bridges. Wisconsin and Dartmouth are interested in working together on policy languages. The FBCA software may be made available to higher education; the Feds are working to ensure that it can cross-certify with both Baltimore and Entrust, and to enable LDAP chaining. Entrust, working under contract to NSA, has produced Outlook/Eudora/Notes plug-ins that will do trust-path discovery and processing, including checking CRLs and doing policy mapping; [AI] Rich will provide a URL to a report and a set of DLLs from Entrust's work for NSA. Rich noted that there are two ways to deal with certification paths: have the client deal with everything, or use a "cert path creation server". The Feds are pursuing the latter approach; its advantages are thin clients, the ability to cache trust paths, the ability to put in pre-wired DNS-like trust paths, and more generally its promise for reducing demand for bandwidth and cycles. The cert path creation server currently does not work across constraint fields, but will soon. Technologies being developed by Mitretek and Architech were noted as possibly worth pursuing in this area. Carl noted that there is research to be done on "what it means to have a bridge", as well as on implementation.

Next were campus updates. Wisconsin has been holding weekly status meetings and strengthening their connections to the Grid via Steve Tuecke and others. A new professor (Somesh Jha) and grad student have come on board; Somesh is working to arrange a visit from a KeyNote expert. Wisconsin's human-factors work is well underway, and they are assessing concerns of physicians re email and security. At Dartmouth, the current foci include authorization delegation in complex cross-domain situations, attribute certs for machines, documenting requirements for redressing the insufficiency of the current browser paradigm, and getting trusted servers running. The Dartmouth researchers aim to be "pack rats", gathering as much existing work as possible so as to reinvent as few wheels as possible; to this end, they are already in discussions with Baltimore and Entrust. It was noted that in the apps work there is great need for a non-trivial way to express policy requirements. Bob Brentrup has been working to leverage PKI Labs funding for work on apps for academia, again first researching what's available.

There was a long discussion of privacy and PKI. If traditional identity certs are the dominant model for most uses of PKI, the privacy implications are profound, since it will be easy to track users by their keys (like a global SSN-equivalent). Some privacy questions that have both policy and technical aspects are: What can be done by a user of a web site do to verify that the site is following the privacy policy it claims to be following? Within a large organization, how can a conscientious server operator know that the organization is doing what it's supposed to do? Neal noted that there are situations, like that of the FBCA, in which PKI is useful precisely because transactions are *not* anonymous; he posed the question as being "How do we provide tools that allow people to achieve the kind of pseudonymity or anonymity they need?" Possible approaches include using separate signature and encryption keys, providing the opportunity to have lots of certs, having options besides centralized CAs, and Brands's work on secret-key certs (http://www.xs4all.nl/~brands/). Carl noted that Brands's approach lets you release some info and *prove* you haven't released more; Zero-Knowledge owns the patents. Carl also called attention to privacy policy tools being developed by Microsoft, AT&T, and others; in his opinion these are useful mostly for the associated authoring languages. See http://privacy.bcentral.com and http://www.w3.org/p3p/. Carl's opinion is that the biggest issue with privacy is minimizing knowledge and disclosure when getting authorization to do something. In order to do this, it is necessary to carefully limit the questions a relying party can be asked. Rich posed the question, "Is there a complexity penalty to pay for preserving privacy, and if so, how much?" On the other hand, it was noted that the need for privacy can motivate simplification. Other points made were that the more you work with someone, the more you learn about them, so there's a limit to how much business you can do with someone while preserving privacy; that it is important to corporations to be able to trust trading partners to keep corporate information private; that companies like Intel are working toward a role-based model in which their corporate PKI would vouch for the fact that a transaction was signed by a person in the appropriate *role*, without normally revealing the identity of that person; and that often people want to achieve only compliance with privacy laws, not complete anonymity. Keith pointed out the need, in order to determine which of the various approaches to privacy are appropriate where, to "draw circles" around scenarios. In that connection, Rich noted that http://gits-sec.treas.gov lists dozens of Federal agency uses for certs, and Eric pointed the group to http://www.transarc.ibm.com/~winsboro/papers/CAP.html and http://cdr.cs.uiuc.edu/security/ for some interesting work on credential acceptance.

Carl noted that the Linux port of CDSA is now out. [AI] Keith will download the Linux CDSA software.

It was agreed that it would be useful to have a smaller conference call centered on the PKI Labs universities; [AI] Ken will set up a universities-centric PKI Labs call for Dec. 7 or 8; a possible face-to-face meeting of the university researchers will be discussed on this call. [AI] Neal will plan the next full PKI Labs call, tentatively for Tuesday, Jan. 16, at 11am EST.

*Action Items*

[AI] Rich will notify the PKI Labs list when the DoJ releases its digital-signatures guidelines.
[AI] Ken will recruit volunteers from the PKI Labs to plan a broad, single-tracked PKI Labs research workshop.
[AI] Bob Brentrup will provide some information on the protocol Dartmouth has been using to share information with other schools.
[AI] Neal will arrange a PKI Labs get-together at the upcoming IETF meeting.
[AI] Steve Bellovin will write up a summary of the NymIP meeting, aiming for the week after IETF.
[AI] Ken will ping Steve about the NymIP meeting.
[AI] Rich will provide a URL to a report and a set of DLLs from Entrust's work for NSA.
[AI] Keith will download the Linux CDSA software.
[AI] Ken will set up a universities-centric PKI Labs call for Dec. 7 or 8; a possible face-to-face meeting of the university researchers will be discussed on this call.
[AI] Neal will plan the next full PKI Labs call, tentatively for Tuesday, Jan. 16, at 11am EST.