Public-Key Infrastructure (X.509) (pkix)
----------------------------------------

Charter
Last Modified: 24-Oct-97

Current Status: Active Working Group

Chair(s):
    Stephen Kent
    Warwick Ford

Security Area Director(s):
    Jeffrey Schiller

Security Area Advisor:
    Jeffrey Schiller

Mailing Lists:
    General Discussion: ietf-pkix@tandem.com
    To Subscribe:       listserv@tandem.com
        In Body:        subscribe ietf-pkix
    Archive:            ftp://ftp.tandem.com/ietf/mailing-lists/current

Description of Working Group:

Many Internet protocols and applications employ public-key technology for security purposes and require a public-key infrastructure (PKI) to securely manage public keys for widely-distributed users or systems. The X.509 standard constitutes a widely-accepted basis for such an infrastructure, defining data formats and procedures related to distribution of public keys via certificates digitally signed by certification authorities (CAs).

RFC 1422 specified the basis of an X.509-based PKI, targeted primarily at satisfying the needs of Internet Privacy Enhanced Mail (PEM). Since RFC 1422 was issued, application requirements for an Internet PKI have broadened tremendously, and the capabilities of X.509 have advanced with the development of standards defining the X.509 version 3 certificate and version 2 certificate revocation list (CRL).

The task of the working group will be to develop Internet standards needed to support an X.509-based PKI. The goal of this PKI will be to facilitate the use of X.509 certificates in multiple applications which make use of the Internet and to promote interoperability between different implementations choosing to make use of X.509 certificates. The resulting PKI is intended to provide a framework which will support a range of trust/hierarchy environments and a range of usage environments (RFC 1422 is an example of one such model).
Candidate applications to be served by this PKI include, but are not limited to, PEM, MOSS, GSS-API mechanisms (e.g., SPKM), IPsec protocols, Internet payment protocols, and WWW protocols. This project will not preclude use of non-infrastructural public-key distribution techniques nor of non-X.509 PKIs by such applications. Efforts will be made to coordinate with the IETF White Pages (X.500/WHOIS++) project.

The group will focus on tailoring and profiling the features available in the v3 X.509 certificate to best match the requirements and characteristics of the Internet environment. Other topics that may be addressed include:

   o Alternatives for CA-to-CA certification links and structures,
     including guidelines for constraints

   o Revocation alternatives, including profiling of X.509 v2 CRL
     extensions

   o Certificate and CRL distribution options (X.500-based,
     non-X.500-based)

   o Guidelines for policy definition and registration

   o Administrative protocols and procedures, including certificate
     generation, revocation notification, cross-certification, and
     key-pair updating

   o Naming and name forms (how entities are identified, e.g., email
     address, URN, DN, misc.)

   o Generation of client key pairs by the PKI

Goals and Milestones:

   Oct 95   Agree on working group charter.

   Nov 95   Complete initial strawman PKI specification.

   Dec 95   First meeting at Dallas IETF.

   Jul 96   Submit PKI (X.509) specification to IESG for consideration
            as a Proposed Standard.
Internet-Drafts:

   Posted   Revised   I-D Title
   ------   -------   ------------------------------------------
   Feb 96   Oct 97    Internet Public Key Infrastructure X.509 Certificate and CRL Profile
   Jun 96   Oct 97    Internet Public Key Infrastructure Certificate Management Protocols
   Mar 97   Oct 97    Internet Public Key Infrastructure Operational Protocols - LDAPv2
   Mar 97   Oct 97    Internet Public Key Infrastructure Certificate Policy and Certification Practices Framework
   Jul 97   New       Internet Public Key Infrastructure
   Jul 97   New       Internet Public Key Infrastructure Part V: Time Stamp Protocols
   Aug 97   Oct 97    Internet Public Key Infrastructure Representation of Key Exchange Algorithm (KEA) Keys in Internet Public Key Infrastructure Certificates
   Sep 97   Oct 97    Internet Public Key Infrastructure Operational Protocols: FTP and HTTP
   Oct 97   New       Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP

Request For Comments:

   None to date.