IETF working to define a public key infrastructure

[Rich Salz <rsalz@osf.org>]

Help define the internet's web of trust model ...

>From: "warwick (w.s.) ford" <wford@bnr.ca>
Message-Id:  <"21210 Sat Aug 12 15:15:59 1995"@bnr.ca> 
To: pem-dev@tis.com, cat-ietf@mit.edu, ipsec@ans.net,
        e-payment@cc.bellcore.com, www-security@ns2.rutgers.edu,
        ietf-payments@cc.bellcore.com, pki-twg@nist.gov
Subject:  Proposal for New IETF WG on PKI 

Over the past couple of weeks, a group of interested individuals has been 
putting together a proposal for a new IETF Working Group to develop 
Internet standards for an X.509-based public-key infrastructure.  The result is 
the draft WG Charter attached below.  Since plans were announced last year to 
form this WG (and to shut down the PEM WG) it is considered reasonable to start 
up the new WG without the usual preliminary BOF at the next IETF.  Steve Kent 
and I have offered our services to co-chair this group, and Chandra Shrivastava 
has offered to run a mailing list.

The following mailing list has now been established for discussion of this 
proposal:  ietf-pkix@tandem.com.  To subscribe to the mailing list, send a 
messsage to listserv@tandem.com with the following in the body:
         subscribe <e-mail address> ietf-pkix

Warwick Ford
--------------------------------------------------------------------


Public-Key Infrastructure (X.509) Group
IETF Working Group Charter
---------------------------------------

Chair(s):
Applications Area Director(s)
Area Advisor:
Mailing lists:
        General Discussion:
        To Subscribe:
        In Body:
        Archive:
Description of Working Group:

Many Internet protocols and applications which use the Internet employ 
public-key technology for security purposes and require a public-key 
infrastructure (PKI) to securely deliver public keys to widely-distributed users 
or systems.  The X.509 standard constitutes a widely-accepted basis for such an 
infrastructure, defining data formats and procedures related to distribution of 
public keys via certificates digitally signed by certification authorities 
(CAs).  RFC 1422 specified the basis of an X.509-based PKI, targeted primarily 
at satisfying the needs of Internet Privacy Enhanced Mail (PEM).  Since RFC 1422 
was issued, application requirements for an Internet PKI have broadened 
tremendously, and the capabilities of X.509 have advanced with the development 
of standards defining the X.509 version 3 certificate and version 2 certificate 
revocation list (CRL).

The task of the Working Group will be to develop Internet standards needed to 
support an X.509-based PKI.  The goal of this PKI will be to facilitate the use 
of X.509 certificates in multiple applications which make use of the Internet 
and to promote interoperability between different implementations choosing to 
make use of X.509 certificates.  The resulting PKI is intended to provide a 
framework which will support a range of trust/hierarchy environments and a range 
of usage environments (RFC1422 is an example of one such model).

Candidate applications to be served by this PKI include, but are not limited to, 
PEM, MOSS, GSS-API mechanisms (e.g., SPKM), ipsec protocols, Internet payment 
protocols, and www protocols.  This project will not preclude use of 
non-infrastructural public-key distribution techniques nor of non-X.509 PKIs by 
such applications.  Efforts will be made to coordinate with the IETF White Pages 
(X.500/WHOIS++) project.

The group will focus on tailoring and profiling the features available in
the v3 X.509 certificate to best match the requirements and characteristics
of the Internet environment.

Other topics to be addressed potentially include:
- Alternatives for CA-to-CA certification links and structures, including
  guidelines for constraints
- Revocation alternatives, including profiling of X.509 v2 CRL extensions
- Certificate and CRL distribution options (X.500-based, non-X.500-based)
- Guidelines for policy definition and registration
- Administrative protocols and procedures, including certificate generation,
  revocation notification, cross-certification, and key-pair updating
- Naming and name forms (how entities are identified, e.g., email address,
  URN, DN, misc.)


Goals and Milestones:

Sep, 95   Agreement on draft Working Group charter
Nov, 95   Completion of initial strawman PKI specification
Dec, 95   First Working Group meeting (Dallas IETF) 
Jul, 96   Submit PKI (X.509) specification for
          consideration as Proposed standard.