Public Key Infrastructure Using X.509 (PKIX) Working Group


March 20, 2005 1850-1950

PKIX WG (pkix-wg)

• Web page: charter, current documents
  – http://www.ietf.org/html.charters/pkix-charter.html
• Mailing List: ietf-pkix@imc.org
• To Subscribe: ietf-pkix-request@imc.org, In Body: subscribe
• Archive: http://www.imc.org/ietf-pkix
• Chairs
  – Stephen Kent kent@bbn.com
  – Tim Polk tim.polk@nist.gov
• Security Area Directors
  – Russ Housley housley@vigilsec.com
  – Sam Hartman hartmans@mit.edu

PKIX Agenda for 65th IETF

• Document Status Overview
• Algorithm Agility in PKIX
• WG drafts
  – SCVP draft -23
  – RFC3280bis
  – SRV

Status Review

• Four new RFCs
• 2 documents in RFC Editors Queue
• 1 document in IESG Last Call
• 7 documents in WG Last Call
• 2 (soon to be 3) documents that aren’t in Last Call

New RFCs

• Three Proposed Standard RFCs
  – RFC 4325 CRL AIA
  – RFC 4387 CertStore HTTP
  – RFC 4334 Cert Extensions for Authentication in PPP and WLAN
    • Obsoletes RFC 3770
• One Experimental RFC
  – RFC 4386 PKIX REP

In RFC Editors Queue

• Attribute Certificate Policies Extension
• GOST Cryptographic Algorithms

In IESG Last Call

• Subject Identification Method

In WG Last Call

• SCVP
• CMC drafts
  – CMC (2797bis)
  – CMC Transport
  – CMC Compliance
• Lightweight OCSP
• Service Names
• UTF8

SCVP

• Draft -23 submitted
• Algorithm agility issues identified and addressed
• Three 3379 compliance issues identified in editors’ review of SCVP-22
• All 3379 requirements issues resolved in -23
• Editors believe that metrics for Proposed Standard are more than satisfied!

Drafts that aren’t in Last Call

• 3280bis
• ECC algorithms draft from Dan Brown
• Draft for ECDSA and DSA with SHA-2 family of hash algorithms
  – Blocked on NIST publication of FIPS 186-3

RFC 3280bis

• Urgent need to complete this document and move to Draft Standard
  – Draft -02 submitted with minor tweaks
  – Draft -03 to be submitted after IETF 65
• Need to construct an interoperability matrix
