Public-Key Infrastructure (X.509) (pkix)
----------------------------------------

Charter

Current status: active working group

Chair(s):
  Steve Kent
  Warwick Ford

Security Area Director(s):
  Jeffrey Schiller

Mailing lists:
  General Discussion: ietf-pkix@tandem.com
  To Subscribe: listserv@tandem.com
    In Body: subscribe ietf-pkix
  Archive: ftp://ftp.tandem.com/ietf/mailing-lists/current

Description of Working Group:

Many Internet protocols and applications which use the Internet employ public-key technology for security purposes and require a public-key infrastructure (PKI) to securely manage public keys for widely-distributed users or systems. The X.509 standard constitutes a widely-accepted basis for such an infrastructure, defining data formats and procedures related to distribution of public keys via certificates digitally signed by certification authorities (CAs). RFC 1422 specified the basis of an X.509-based PKI, targeted primarily at satisfying the needs of Internet Privacy Enhanced Mail (PEM). Since RFC 1422 was issued, application requirements for an Internet PKI have broadened tremendously, and the capabilities of X.509 have advanced with the development of standards defining the X.509 version 3 certificate and version 2 certificate revocation list (CRL).

The task of the working group will be to develop Internet standards needed to support an X.509-based PKI. The goal of this PKI will be to facilitate the use of X.509 certificates in multiple applications which make use of the Internet and to promote interoperability between different implementations choosing to make use of X.509 certificates. The resulting PKI is intended to provide a framework which will support a range of trust/hierarchy environments and a range of usage environments (RFC 1422 is an example of one such model). Candidate applications to be served by this PKI include, but are not limited to, PEM, MOSS, GSS-API mechanisms (e.g., SPKM), ipsec protocols, Internet payment protocols, and www protocols.

This project will not preclude use of non-infrastructural public-key distribution techniques nor of non-X.509 PKIs by such applications. Efforts will be made to coordinate with the IETF White Pages (X.500/WHOIS++) project.

The group will focus on tailoring and profiling the features available in the v3 X.509 certificate to best match the requirements and characteristics of the Internet environment. Other topics to be addressed potentially include:

  o Alternatives for CA-to-CA certification links and structures, including guidelines for constraints
  o Revocation alternatives, including profiling of X.509 v2 CRL extensions
  o Certificate and CRL distribution options (X.500-based, non-X.500-based)
  o Guidelines for policy definition and registration
  o Administrative protocols and procedures, including certificate generation, revocation notification, cross-certification, and key-pair updating
  o Naming and name forms (how entities are identified, e.g., email address, URN, DN, misc.)
  o Generation of client key pairs by the PKI

Goals and Milestones:

  Oct 95  Agree on working group charter.
  Nov 95  Complete initial strawman PKI specification.
  Dec 95  First meeting at Dallas IETF.
  Jul 96  Submit PKI (X.509) specification to IESG for consideration as a Proposed Standard.

Internet-Drafts:

  Posted   Revised   I-D Title
  ------   -------   ------------------------------------------
  Nov 95   New       Internet Public Key Infrastructure
  Feb 96   Mar 96    Internet Public Key Infrastructure Part I: X.509 Certificate and CRL Profile

Request For Comments:

  None to date.
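The charter above names the building blocks of an X.509 PKI: version 3 certificates signed by CAs, constraints on CA-to-CA certification links, and version 2 CRLs for revocation. The Go program below is an added illustration of those three mechanisms and is not part of the working group's documents or of any IETF code. It uses only Go's standard crypto/x509 package to build a constructed three-level hierarchy (root CA with pathLenConstraint 1, intermediate CA with pathLenConstraint 0, one end-entity certificate), verifies the chain against the root as sole trust anchor, shows the intermediate's pathLenConstraint rejecting a deeper chain, and has the intermediate issue a CRL that a relying party authenticates before consulting. Every name, serial number and host name in it is made up for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// check aborts on any error: this is demo code, not a library.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// template builds a v3 template: CAs carry basicConstraints with a pathLenConstraint
// and cert/CRL-signing keyUsage; end entities carry a DNS subjectAltName instead.
func template(serial int64, name string, ca bool, pathLen int) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.MaxPathLen, t.MaxPathLenZero = pathLen, pathLen == 0
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.DNSNames, t.KeyUsage = []string{name}, x509.KeyUsageDigitalSignature
	}
	return t
}

// issue generates a fresh Ed25519 key for tmpl and has the parent's key sign the
// certificate; a nil parent means self-signed. Returns the cert and its private key.
func issue(tmpl, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, key.Public(), signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// BuildHierarchy constructs the toy PKI: root (pathLen 1) -> intermediate (pathLen 0)
// -> end-entity cert for a mail host. The intermediate's key is returned to sign a CRL.
func BuildHierarchy() (root, inter, leaf *x509.Certificate, interKey ed25519.PrivateKey) {
	root, rootKey := issue(template(1, "Example Root CA", true, 1), nil, nil)
	inter, interKey = issue(template(2, "Example Intermediate CA", true, 0), root, rootKey)
	leaf, _ = issue(template(3, "mail.example.test", false, 0), inter, interKey)
	return
}

// Verify builds a path from leaf to the single trusted root through the given
// intermediates, checking signatures, validity, host name and basicConstraints.
func Verify(leaf, root *x509.Certificate, inters ...*x509.Certificate) error {
	roots, pool := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range inters {
		pool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: pool, DNSName: leaf.Subject.CommonName})
	return err
}

// PathLenEnforced shows a CA-to-CA constraint at work: a sub-CA issued under the
// pathLen-0 intermediate cannot anchor a valid chain, so Verify must reject it.
func PathLenEnforced(root, inter *x509.Certificate, interKey ed25519.PrivateKey) bool {
	sub, subKey := issue(template(4, "Unconstrained Sub-CA", true, 0), inter, interKey)
	leaf, _ := issue(template(5, "other.example.test", false, 0), sub, subKey)
	return Verify(leaf, root, inter, sub) != nil
}

// IsRevoked has the intermediate issue a v2 CRL listing leaf's serial, checks the
// CRL's signature against its issuer, then looks the serial up in it.
func IsRevoked(inter *x509.Certificate, interKey ed25519.PrivateKey, leaf *x509.Certificate) bool {
	tmpl := &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: leaf.SerialNumber, RevocationTime: time.Now()}},
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, inter, interKey)
	check(err)
	crl, err := x509.ParseRevocationList(der)
	check(err)
	check(crl.CheckSignatureFrom(inter)) // never consult a CRL whose signature has not been verified
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return true
		}
	}
	return false
}

func main() {
	root, inter, leaf, interKey := BuildHierarchy()
	fmt.Println("chain ok:", Verify(leaf, root, inter) == nil, "pathLen enforced:", PathLenEnforced(root, inter, interKey), "leaf revoked:", IsRevoked(inter, interKey, leaf))
}
```

Run it with `go run`; it needs Go 1.19 or later for x509.ParseRevocationList. The CRL is built through the RevokedCertificates field so the program compiles on every Go release that has CreateRevocationList; on Go 1.21 and later the same data is also exposed as RevokedCertificateEntries. The three checks map directly onto the charter's topics: chain building with a single trust anchor, the basicConstraints path-length rule that bounds CA-to-CA links, and CRL-based revocation in which the relying party authenticates the CRL against its issuer before trusting its contents.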