*PKI Labs Conference Call*
December 9, 2002

*Attendees*

Neal McBurnett (convener) - Internet2

Sean Smith - Dartmouth
Larry Levine - Dartmouth
Bob Brentrup - Dartmouth

Eric Norman - Wisconsin

Carl Ellison - Intel
Bob Morgan - Washington
Steve Olshansky - Internet2

Ben Chinowsky (scribe) - Internet2

*Discussion*

Carl opened the meeting with an announcement that the UPnP security spec has been sent out for review by the UPnP technical committee. Carl expects the spec to be published within the next two months or so. The first project implementing the spec is a version of the Internet Gateway Device, which configures 802.11 access points.

Bob Morgan noted that at the last IETF there seemed to be growing recognition of the need and opportunity to "do something structural regarding authorization". The interest in authorization centers around the problem of application protocols not all doing the same things (e.g. adding and removing users) in the same way. Eric asked if it's accurate to say that people think that neither SPKI nor attribute certs adequately deal with authorization; Bob said yes, given that there are so many aspects to the problem of authorization.

Sean noted a recent observation of John Marchesini's, coming out of his attendance at NORDSEC. He found that while in the US there is a strong tendency to see having a single big CA as unworkable, in Scandinavia they see providing every citizen with a keypair as a basic service the government should provide; their emphasis is much more on the usefulness of making this happen than on the difficulties of doing so. This difference in emphasis has much to do with different attitudes toward privacy; in Norway, for example, tax records are public. Sean observed that social presuppositions create entirely different sets of technical problems; the sociologist who works with the Dartmouth PKI Labs argues that many technical problems are really social problems and won't be solved until they are addressed as such. In particular, she emphasizes that people will still use digital signatures even if they're not totally reliable, just as they use many other technologies in spite of their less-than-complete reliability.

Sean and Eric gave short updates from the Dartmouth and Wisconsin PKI Labs. [AI] Sean will send the list a status summary of his students' projects, along with some references to interesting PKI-related work he's come across lately. The Wisconsin medical center S/MIME project has officially ended; a final report is expected in a few weeks.

The group discussed the "sector CA" concept, under which each community (higher education, for example) has its own root CA, and bridges connect the communities. This approach is receiving new attention in light of the impending demise of CREN. Sean noted that Ken Klingenstein inclines toward the view that sectorization makes it easier to make good trust decisions.

Bob Morgan noted that there's a question of whether implementing bridgeware would remove the need for intra-domain CA hierarchies. In the case of higher education, Bob sees little use for such hierarchies anyway, and suggested just putting up CAs and then using bridges to "lash them together" later, should this turn out to be necessary. Bob thinks that bridges are unlikely to work until OpenSSL is able to handle path validation; but, given that many of academia's projected applications for PKI share common level-of-assurance needs, and that the level of assurance needed for these applications is modest, not having bridges is unlikely to become a problem for some time. A generally accepted modest level of assurance will make the registration process sufficiently lightweight that even lesser-known universities with fewer resources can issue certs sufficiently trustworthy for a broad range of academic uses.

Neal asked the group for its thoughts on whether Internet2 should try to fill the gap that will be created by CREN closing its doors, and if so how to go about it; he noted that Internet2 has "a clear mandate to do what's right for the community". It appears that the principal reason for CREN going under is that its business model was based on having a large subscriber base for the CA -- a base that never materialized. While there was no clear consensus on the way forward, strong interest was expressed in two particular projects:
1) Getting root certs into browsers. Eric noted the widespread belief that if you don't distribute root certs with browsers, you can't do any PKI at all. There was general agreement that this is a misperception that needs to be corrected; Bob Morgan noted that Columbia has already succeeded in distributing root certs to all its users, and Sean suggested that certs could be installed at campus computer stores.
2) Getting lightweight, low-assurance test CAs set up to support Shibboleth. Eric's Bossie CA is a working model here. Bob Morgan suggested that Internet2 could run a similar CA without putting any additional burden on its staff, and that even a production CA supporting Shibboleth could probably be managed without any additional hiring.

The next call will take place on January 13 at 4pm Eastern, per the regular schedule.

*Action Item*

[AI] Sean will send the list a status summary of his students' projects, along with some references to interesting PKI-related work he's come across lately.