*PKI Labs Conference Call*
July 8, 2002
Neal McBurnett (convener) - Internet2
Bob Brentrup - Dartmouth
Sean Smith - Dartmouth
Eric Norman - Wisconsin
Peter Honeyman - Michigan
Carl Ellison - Intel
Steve Olshansky - Internet2
Jeanette Fielden - Internet2
At the 7th Australasian Conference on Information Security and Privacy a paper was presented on Authenticated Operation of Open Computing Devices by Paul England and Marcus Peinado. Sean can provide the link to anyone interested in reading the paper.
There was discussion of the book Digital Rights Management: Business and Technology by Bill Rosenblatt, Bill Trippe and Stephen Mooney. The book was considered a worthwhile read but was felt to never address the central technical question of “does this stuff actually work?”
There is also work to develop a personal cryptography assistant using smart cards on handheld devices. The tamper-resistant module in these devices offers some opportunities for remote and local authentication, key management and some cryptography. The current focus is on trying to gain access to the APIs for the module.
Sean has a student who is working with a machine with the previous ESS (Embedded Security Subsystem) chip and is trying to process the stack. The chip is the IBM entry for the Trusted Computing Platform Alliance (TCPA). TCPA appears to require a Trusted Platform Module (TPM). It’s not clear whether the EPI equals TCPA or if TCPA equals the TPM plus something the OS is expected to do. Currently, IBM is the only known company shipping this. Some of the questions around TCPA include: How can I tell what software a secure card is running on another machine and should I trust it? Does it have access to a key pair and what does this key pair mean?
Wisconsin lab report – The Internet2 S/MIME group is discussing SYMPA, software that integrates S/MIME encryption with list management. SYMPA is a mailing list manager developed by CRU, the French Universities Network Committee. It has the functionality of other mailing systems plus it is directory-enabled and has S/MIME capabilities. SYMPA can verify S/MIME signatures, and supports dynamic includes of email addresses from a source that can be either a relational database accepting SQL queries or an LDAP directory. The functionality is not yet fully developed but it is very promising. See www.sympa.org.
Dartmouth lab report – In conjunction with the administrative computing group, some older applications that use Kerberos and Sidecar are being converted to test the web front end to do client-side certificate authentication. Modifications are being made to the authorization modules to use the certificates for the source of the name of the individual to generate a report on. Pretty close to working correctly. Experimenting with iPlanet and a basic enrollment module. It’s rules-based to make more flexible, but is not yet fully functional. Testing on different operating systems etc. to check for what doesn’t work properly.
Sean has updated the Dartmouth PKI Lab web site with links to new papers. www.cs.dartmouth.edu/~pkilab/
Bob is working on “how to do it” documentation for end users of HEPKI. The revised set of PKI workshop notes was distributed. Consensus is that these are final with no need for further revision.
Next call is August 12th 2002 at 4 pm EDT.