Public-Key Infrastructure (X.509) WG (pkix)

TUESDAY, December 12 at 1545-1645
WEDNESDAY, December 13 at 1300-1500
=================================

CHAIR: Stephen Kent, Tim Polk

AGENDA:

Document Status Review - Tim Polk (NIST)
  The working group has twenty current Internet-Drafts. A number of documents are in various stages of Last Call. Several others are ready for Last Call. (5 min.)

Delegated Path Validation Services - various
  The working group has been presented with several alternative proposals. The current proposals are the Simple Certificate Validation Protocol (SCVP) and Delegated Path Validation drafts. The WG needs to select one I-D as the PKIX path validation protocol and create one standards track specification. An extensive discussion is planned for this session, with presentations by the authors of the competing specifications as well as the WG chairs. (up to 30 min.)

Qualified Certificates Profile - Stefan Santesson (Addtrust)
  This document has been approved as a Standards track RFC and is currently in the editing queue. A brief discussion of the status of the corresponding ETSI specification will be included in this update. (5 min.)

Data Validation and Certification Server - Carlisle Adams (Entrust)
  This document has been approved as an Experimental track RFC and is currently in the editing queue. (5 min.)

Time Stamp Protocols (TSP) - Denis Pinkas (Bull)
  This document has been through working group Last Call and is currently under Area Director Review. This status update will describe changes made to the TSP specification as a consequence of Last Call. (5 min.)

Attribute Certificate Profile - Steve Farrell (Baltimore)
  This document has been through working group Last Call and is currently under Area Director Review. This status update will describe changes made to the Attribute Certificate Profile as a consequence of Last Call. (5 min.)

Technical Non-Repudiation - Tom Gindin (IBM)
  This document is ready to proceed as an Informational track specification. (5 min.)

Permanent Identifier - Denis Pinkas (Bull)
  This document is stable and ready for progression to RFC status. This discussion will center on the strategy for progressing this document. (5 min.)

[*Approximate* breaking point between meetings]

Certificate and CRL Profile revisions - Russ Housley (SPYRUS)
  This document is the follow-up to RFC 2459. A new draft of this document has been published. Hopefully, we are ready for Working Group Last Call. The document will be Standards Track and is expected to go to Proposed Standard. (10 min.)

Public Key Algorithms and Identifiers - Russ Housley (SPYRUS)
  This document is a companion to the Certificate and CRL Profile. This specification contains the algorithm-specific information, such as OIDs and encoding information. This specification is ready for WG Last Call and is expected to progress to Proposed Standard with the Certificate and CRL Profile. (5 min.)

CMP/CRMF Interoperability Results - Bob Moskowitz (ICSA Labs)
  Bob has been organizing interoperability testing for CRMF/CMP implementations. This testing will support the progression of CMP and CRMF to Draft Standard. (10 min.)

Certificate Request Message Format (CRMF) - Carlisle Adams (Entrust)
  This document incorporates clarifications to RFC 2511. These changes are proposed as a result of interoperability testing. This specification is nearly ready for Last Call and progression of CRMF to Draft Standard. (5 min.)

Certificate Management Protocol (CMP) - Carlisle Adams (Entrust)
  This document incorporates clarifications to RFC 2510. These changes are proposed as a result of interoperability testing. This specification is nearly ready for Last Call and progression of CMP to Draft Standard. (5 min.)

OCSPv2 and Delegated Path Discovery - Michael Myers (VeriSign)
  These documents incorporate clarifications and enhancements to RFC 2560 and define a new OCSP extension for path discovery. The editor feels that OCSPv2 is stable and ready for progression to RFC status. See the following presentation. (10 min.)

Comments on OCSPv2 - Denis Pinkas (Bull)
  An alternative view on the progression of OCSPv2. (5 min.)

CP/CPS Framework - Santosh Chokhani (Cygnacom)
  An ad hoc group of PKIX and ABA members has been working on revisions to RFC 2527, the "Certificate Policy and Certification Practices Framework". A new draft will be posted in the near future. This update will describe expected changes in the document. (5 min.)

PKIX Roadmap - Sean Turner (IECA)
  This document provides an overview or "roadmap" of the work done by the IETF PKIX working group. It defines common terms, describes basic theory behind PKI, and provides an overview of PKIX documents and the relationships between them. This document is now fairly stable, and could be considered for progression as an informational RFC. (5 min.)

Operational Protocols, LDAPv3 - David Chadwick (Univ. of Salford)
  This document is the LDAPv3 analog of RFC 2559. This document describes the features of LDAPv3 that are essential, not required, or optional for servers to support a PKI based on X.509. (5 min.)

Additional LDAP Schema for PKIs and PMIs - David Chadwick (Salford)
  This specification is a supplement to RFC 2587, and describes additional schema elements for use with LDAPv3 PKI repositories.

Attribute Certificate Acquisition Protocol - Steve Farrell (Baltimore)
  This document specifies a deliberately limited protocol for requesting attribute certificates from a server. (5 min.)

Repository Locator Service - Phil Hallam-Baker (VeriSign)
  This document leverages DNS and DNS SRV records to enable certificate-using systems to locate PKI repositories based on a domain name, identify the protocols that can be used to access the repository, and obtain addresses for the servers that host the repository service. (5 min.)

PKIX and XML - various
  The relationship of PKI and XML-based clients has been the subject of great discussion on the list. As time allows, we will continue that discussion. (30-40 min.)