
  • Number of slides: 21

Technical Working Group
June 2001
Andrew Nash, Steve Lloyd

Agenda
• Agenda praise (in lieu of bashing) – a TWG tradition (praise that is …)
• Introductions – Name, Company, Vendor/Exploiter/Customer
• Objectives and Ground Rules
• Project and White Paper Objectives
• Status at end of March Meeting

TWG Agenda for Wednesday 6/20, Thursday 6/21
• Path Construction
• CESG Status (UK Govt Interop Trial)
• LDAP white paper
• Application certificate usage
• Token Interoperability
• CMP Interoperability
• TTT Bridge CA
• OCSP
• PKI Challenge
• AKID/SKID Interop Guide
• Wireless certificates
• Future Work

Introductions
• Andrew Nash – RSA Security – PKI Vendor
• Steve Lloyd – Entrust – PKI Vendor
• Your turn – Name, Company, Vendor/Exploiter/Customer

Objectives and Ground Rules
“… to accelerate the adoption and use of Public-Key Infrastructure (PKI) and PKI-based products and services.”
– Leverage the expertise of Members
– Projects led by PKI Forum members
– Results clearly PKI Forum effort
– Maximum Involvement of all parties
– Leverage existing standards, efforts, skills and organizations

… and other things
• Mailing list signup and use
• Project Plans and Status
• Business WG organization
  – Marketing/Education
  – Policy & Privacy
  – Best Practices
  – Applications/Vert. Markets

Major Project Work Methodology
• Description of task
• White papers/educational material/test cases
• Interoperability workshops
• Internal documentation of results/lessons learned/recommendations
• External documentation
• Focus on making it work!

External Project Report Objectives
• Written materials reporting results
  – White papers
  – Matrices
  – Presentations
• Interim results remain private to PKIF
• Consensus on timing and nature of results
  – Positive results desired
  – Describe PKI successes, not disadvantage products that don’t work during testing

White Paper Objectives
• Address topics that will advance PKI interoperability
• What does PKIF have to add
  – LDAP
  – Path Construction
  – NOT remote path validation!
• May be related to specific Major Projects
• Editor responsible to drive
• Review/approval on list to assure agreement

Status from San Jose - March 2001
• Meeting minutes are required
• We meet this requirement with “real time” PPT notes
• If time permits, quick review before Joint Session
• Input Solicited

Participants     March San Jose   December Sydney   September Montreal
Vendor           14   35%         13   45%          20   43%
ISV/Exploiter    19   48%         12   41%          16   38%
Customer**        7   17%          4    9%          10   24%
Total            40               29                46

** Customers include consultants

TWG Progress

Complete:                          In Progress:
1 Major Interoperability Project   4 Major Interoperability Projects
1 White Paper                      5 White Papers (more in the pipe)
3 PKI Notes

Path Construction
Stephen Farrell/Steve Lloyd
• White paper – Explain functionality and identify recommendations
• Assumptions
  – Assume complex certificate paths
    • Hierarchical/Distributed/Bridge CA/Combination trust models
  – Concentrate on LDAP/X.509/HTTP access methods
• CA-CA Interoperability paper relies on this paper to address “path bounding”
• Plan
  – 1st draft due June 2001
  – Final submission Sept 2001

Application Certificate Usage
David Crowe
• Deliverables
  – Data sheets describing pairwise vendor results
    • Product descr, interoperable functionality, config notes
    • Entrust/Xcert, RSA Security/Xcert, SECUDE/Xcert
  – Certificate library – librarian: Tony Rogers
• Parallel activities with the CESG and EEMA
• Issues:
  – IPSec certificate usage is open
  – More results required for successful completion
• Future
  – Direct testing between companies proposed – some results already exist with companies like Microsoft
  – Forum assumes a brokerage role (incl coordination of announcements)

Certificate Library
Tony Rogers
• Initial certificates provided by Computer Associates
• PKI Forum web site
  – FTP download
    • certificates, descriptions
    • possibly associated private keys
• LDAP server to be established as a certificate source
• Certificate samples requested from members now
  – CA, SSL server, SSL client, e-mail
    • Optional CRL
    • Optional known bad certificate examples

CA-CA Interoperability
Steve Lloyd
• Address technical aspects of CA-CA interoperability – emphasis on “inter-domain interoperability”
• Discussion paper delivered – project did not include interoperability demonstrations
• Recommended that non-technical issues (business relationships/legal) be addressed by the Policy & Privacy subgroup
• One activity among others – this activity was purposely focused on inter-domain interoperability issues

CMP Interoperability
Bob Moskowitz
• No group testing in last quarter (some point-to-point)
• Support DSA and RSA
• Supported direct TCP
• Press announcement – Feb ’01
• Further testing on additional protocol features

LDAP
David Finkelstein
• Limited progress to date
• Initial draft has limited distribution
• Focused effort avail from this point forward
• Outline
  – Schema requirements
  – Creation, modification search requirements
  – Access control requirements
• CA vendor use of LDAP imposes unique implications

OCSP
Alistair Grant
• Goal:
  – Promote interoperability between implementations of OCSP (RFC 2560)
• Project proposal – Dec 2000
• Agreed project plan – Feb 2001
• Public OCSP responder established – March 2001
• BOF planned for Thursday afternoon
• Testing planned for April/May

Other Discussions
• XML Key Mgmt System (XKMS), Warwick Ford
  – Microsoft, VeriSign, webMethods and others
  – Application enabled to use 2G PKI services
  – Simplify the application interface
  – Hides complexity of PKI structure such as trust models

Other Discussion
• CESG Interoperability, Richard Lampard
  – Heterogeneous CA hierarchy
  – Interop trial to resolve issues
    • Large set of standards
    • Work with large set of vendors
    • Understand state of industry and technology
  – Application interop included S/Mime interop
  – 15 vendors
  – Bake-off 12-16 Feb ’01
  – Report will distribute test results

www.PKIForum.org