Help define the internet's web of trust model ...
From: "warwick (w.s.) ford" <wford@bnr.ca> Message-Id: <"21210 Sat Aug 12 15:15:59 1995"@bnr.ca> To: pem-dev@tis.com, cat-ietf@mit.edu, ipsec@ans.net, e-payment@cc.bellcore.com, www-security@ns2.rutgers.edu, ietf-payments@cc.bellcore.com, pki-twg@nist.gov Subject: Proposal for New IETF WG on PKI
Over the past couple of weeks, a group of interested individuals has been putting together a proposal for a new IETF Working Group to develop Internet standards for an X.509-based public-key infrastructure. The result is the draft WG Charter attached below. Since plans were announced last year to form this WG (and to shut down the PEM WG) it is considered reasonable to start up the new WG without the usual preliminary BOF at the next IETF. Steve Kent and I have offered our services to co-chair this group, and Chandra Shrivastava has offered to run a mailing list. The following mailing list has now been established for discussion of this proposal: ietf-pkix@tandem.com. To subscribe to the mailing list, send a messsage to listserv@tandem.com with the following in the body: subscribe <e-mail address> ietf-pkix Warwick Ford -------------------------------------------------------------------- Public-Key Infrastructure (X.509) Group IETF Working Group Charter --------------------------------------- Chair(s): Applications Area Director(s) Area Advisor: Mailing lists: General Discussion: To Subscribe: In Body: Archive: Description of Working Group: Many Internet protocols and applications which use the Internet employ public-key technology for security purposes and require a public-key infrastructure (PKI) to securely deliver public keys to widely-distributed users or systems. The X.509 standard constitutes a widely-accepted basis for such an infrastructure, defining data formats and procedures related to distribution of public keys via certificates digitally signed by certification authorities (CAs). RFC 1422 specified the basis of an X.509-based PKI, targeted primarily at satisfying the needs of Internet Privacy Enhanced Mail (PEM). Since RFC 1422 was issued, application requirements for an Internet PKI have broadened tremendously, and the capabilities of X.509 have advanced with the development of standards defining the X.509 version 3 certificate and version 2 certificate revocation list (CRL). The task of the Working Group will be to develop Internet standards needed to support an X.509-based PKI. The goal of this PKI will be to facilitate the use of X.509 certificates in multiple applications which make use of the Internet and to promote interoperability between different implementations choosing to make use of X.509 certificates. The resulting PKI is intended to provide a framework which will support a range of trust/hierarchy environments and a range of usage environments (RFC1422 is an example of one such model). Candidate applications to be served by this PKI include, but are not limited to, PEM, MOSS, GSS-API mechanisms (e.g., SPKM), ipsec protocols, Internet payment protocols, and www protocols. This project will not preclude use of non-infrastructural public-key distribution techniques nor of non-X.509 PKIs by such applications. Efforts will be made to coordinate with the IETF White Pages (X.500/WHOIS++) project. The group will focus on tailoring and profiling the features available in the v3 X.509 certificate to best match the requirements and characteristics of the Internet environment. Other topics to be addressed potentially include: - Alternatives for CA-to-CA certification links and structures, including guidelines for constraints - Revocation alternatives, including profiling of X.509 v2 CRL extensions - Certificate and CRL distribution options (X.500-based, non-X.500-based) - Guidelines for policy definition and registration - Administrative protocols and procedures, including certificate generation, revocation notification, cross-certification, and key-pair updating - Naming and name forms (how entities are identified, e.g., email address, URN, DN, misc.) Goals and Milestones: Sep, 95 Agreement on draft Working Group charter Nov, 95 Completion of initial strawman PKI specification Dec, 95 First Working Group meeting (Dallas IETF) Jul, 96 Submit PKI (X.509) specification for consideration as Proposed standard.