Public-Key Infrastructure (X.509) WG (pkix)

Wednesday, August 4 at 0900-1130
================================

CHAIRS: Stephen Kent
        Tim Polk

AGENDA:

1. WG Status and Direction

1.1 Document Status Review [Tim Polk (NIST)]

The working group has a number of Internet-Drafts. Many documents are
with the ADs or in various stages of WG Last Call. Several others are
ready for Last Call. (10 min.)

1.2 Proposed WG Milestones [Tim Polk (NIST)]

The working group milestones are out of date. New milestones are
needed; these milestones need to satisfy IESG direction for an orderly
closeout of WG activities. (10 min.)

2. PKIX WG Specifications

2.1 LDAP Specifications

The PKIX WG has a number of LDAP-based specifications supporting
publication and distribution of certificates and CRLs.

2.1 LDAP Schemas, String Values, and more - David Chadwick (U. of Salford)

http://www.ietf.org/internet-drafts/draft-ietf-pkix-ldap-crl-schema-02.txt
http://www.ietf.org/internet-drafts/draft-ietf-pkix-ldap-ac-schema-01.txt

The WG has a suite of LDAP-PKIX drafts forming a comprehensive solution
for LDAP-based PKI information distribution. New drafts of two
documents have been submitted since IETF 59; additional drafts will be
published soon after this meeting. The presenter will discuss the
changes in the drafts and highlight issues that must be resolved before
Last Call. (15 min.)

2.2 Practical Considerations for Use of LDAP in PKIX - Kurt Zeilenga
    (LDAPbis WG co-chair) (no draft)

Practical considerations must be taken into account to maximize the
utility and interoperability of LDAP-based PKIs. This presentation will
highlight known issues and (where applicable) ways to address them.
(10 min.)

2.3 Matching Text Strings in PKIX Certificates - Paul Hoffman (IMC) and
    Steve Hanna (Sun)

http://www.ietf.org/internet-drafts/draft-hoffman-pkix-stringmatch-00.txt

This specification describes the use of Stringprep to support
comparison and matching of international text strings.
This document resolves an open issue from RFC 3280, where the minimum
requirements for name comparison were specified as binary matching.
Since the publication of RFC 3280, the stringprep specification has
been completed, providing a solid basis for comparison and matching of
text strings in PKIX certificates. (15 min.)

[see also http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-strprep-04.txt]

2.4 RFC 3280 Progression - Tim Polk (NIST) (no draft)

NIST will present the current plan and milestones for progression of
RFC 3280 to Draft Standard. (5 min.)

2.5 Subject Identification Method - Speaker TBD

http://www.ietf.org/internet-drafts/draft-ietf-pkix-sim-03.txt

A new draft of the Subject Identification Method has been submitted
since IETF 59. The document is relatively stable and mature. WG Last
Call is expected for the next draft of this document. (15 min.)

2.6 SCVP Progression - Speaker TBD

http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-15.txt

This document has been in WG Last Call since early 2004. Completion of
WG Last Call was blocked by newly identified implementation
requirements for unsigned messages to support DPD. Early proposals did
not satisfy RFC 3379 and were rejected. A new draft has been submitted
since IETF 59 which satisfies both RFC 3379 and the requirements for
unsigned messages. (5 min.)

3. Related Specifications & Liaison Presentations

Time allowing, liaison presentations will be accommodated to ensure the
PKIX WG is aware of related specifications currently progressing as
individual drafts.

3.1 Specification of OCSP in IKEv2 - Mike Myers (TraceRoute) (no draft)

This presentation will highlight issues with the specification of OCSP
in IKEv2. (10 min.)

3.2 User Interface Requirement for the Internet X.509 Public Key
    Infrastructure - Tae Choi (KISA)

http://www.ietf.org/internet-drafts/draft-choi-pkix-ui-00.txt

This document provides basic user interface requirements for PKI client
software that support a full PKI implementation with usability. To meet
these requirements, it defines a root CA certificate trust mechanism, a
certificate sharing mechanism, and a certificate representation method.
(10 min.)