*PKI Labs Conference Call*
April 8, 2002
*Attendees*
Neal McBurnett (convener) - Internet2
Bob Brentrup - Dartmouth
Sean Smith - Dartmouth
Eric Norman - Wisconsin
Carl Ellison - Intel
Peter Honeyman - Michigan
Jeff Schiller - MIT
Ellen Vaughan - Internet2
Ben Chinowsky (scribe) - Internet2
*Discussion*
The minutes of the previous meeting were approved; Ben will expand the Bernstein discussion per Neal's suggestions on the list. The group reviewed action items:
[11-February - Bob Morgan will suggest to HEPKI-TAG that it consider
including a web-of-trust component in its S/MIME project.]
Done; TAG is looking into client support for this.
[11-February - Bob Brentrup will put John Marchesini in touch with Eric to
discuss virtual hierarchies.]
Done.
[18-December - Bob Moskowitz and Carl will further discuss ways of
increasing the user-friendliness of using raw public keys to set up
devices.]
Still to do.
[20-November - Eric will forward Bob Juenemann's comments on why PKI hasn't
taken off yet.]
Done.
[13-August - Bob Moskowitz will forward the list email on PKI work at Fannie
Mae.]
Still to do.
[4-June - Bob Moskowitz will send the list information on Federal work
related to attribute certs.]
Still to do.
Bob Brentrup and Sean provided a short Dartmouth update. Bob is focusing on S/MIME client interoperability; he is planning to look further into workflow applications of S/MIME. Bob also wants to retool Kerberized apps to use client-side certs instead. Sean announced that a technical report on Dartmouth's digital-signature-hacking work will be out soon, and that Eileen's paper on trusted paths has been accepted for presentation at Usenix. On the other hand, John's work on virtual hierarchies got a disappointing response from the conference it was submitted to. The strongest negative reaction was that hierarchies based on partitioning the namespace among CAs (e.g., the .edu domain signs Dartmouth certs, Dartmouth signs certs for the Dartmouth Department of Computer Science) are the only reasonable way to do PKI. Sean noted that the sociologist working with the Dartmouth PKI Lab says that people often choose hierarchy less for technical reasons than because they just like hierarchies.
This sociological observation provoked a more general discussion of human engineering factors in security. Eric noted that with current browsers you have no way of knowing that information you're sending will be sent securely -- the padlock icon only applies to incoming information. In an April 9 followup email, Eric wrote that "SPKI has authorization certificates which say, in effect, 'here's what you can do'. Looking at it from the other (user) end, perhaps we can also have capability/willingness certificates that say, 'here's what I'm capable of/willing to do'. If the authorization can be 'matched with' the capability, the transaction can proceed." Jeff noted that VPNs have the same problem -- "The user has no way to know that security has happened. I think this means that VPNs are not a good technology." Carl noted that NSA's NetTop could address this, but acknowledged Jeff's objection that NetTop requires very careful design and configuration.
Neal noted that by default Groove uses symmetric keys within groups, which means that anyone within a group can leak all the group's information. It is also possible in Groove to have each person in a group encrypt messages with the public key of every other person in the group, but this presents a scaling problem. Bob Moskowitz observed that "what sells are risk management tools, things that let you know what the risk is in particular cases." Sean noted that he'd been approached by potential collaborators who wanted to know how to make data available for finding terrorists without letting anyone know where that data came from.
Eric gave a Wisconsin update. He is working to get the iPlanet mail system up, in particular its SSL component. Bob Brentrup noted that iPlanet CMS has trouble registering users online if the userid field is not populated in the directory; Eric has seen the same problem in the FBCA context. [AI] Carl and Eric will whiteboard Eric's SDSI work at the PKI Research Workshop; thereafter Carl will harass Eric into making further progress on documenting this work.
Bob Moskowitz gave an overview of his current work on 802.11i, 802.11f, and HIP. Bob described 802.11i as in need of simplification; he doesn't think the current version will pass the next ballot. 802.11f implements Bob's security model; he is concerned that the current implementation is susceptible to an SSL MiM attack, and he is therefore spending more time looking into authentication methods, in particular trying to find out what can be done with EAP and strong passwords. Bob also noted that there are four implementations of HIP in the works; he is considering another attempt to get a HIP working group started in IETF. HIP deals with a machine's knowledge of whether or not it is talking to a given system securely, and builds this knowledge into the kernel. When Eric asked "Is the idea that the solution is in the e2e model?", Bob's reply was "Exactly."
The next PKI Labs call will be on May 20 (not May 13 per the usual schedule), at the usual time of 4pm Eastern / 1pm Pacific / 2000 UTC.
*Action Items*
[AI] 8-April - Carl and Eric will whiteboard Eric's SDSI work at the PKI
Research Workshop; thereafter Carl will harass Eric into making further
progress on documenting this work.
[AI] 18-December - Bob Moskowitz and Carl will further discuss ways of
increasing the user-friendliness of using raw public keys to set up devices.
[AI] 13-August - Bob Moskowitz will forward the list email on PKI work at
Fannie Mae.
[AI] 4-June - Bob Moskowitz will send the list information on Federal work
related to attribute certs.