Last Modified: 2005-01-13
Date | Milestone |
---|---|
Done | Complete approval of CMC, and qualified certificates documents |
Done | Complete time stamping document |
Done | Continue attribute certificate profile work |
Done | Complete data certification document |
Done | Complete work on attribute certificate profile |
Done | Standard RFCs for public key and attribute certificate profiles, CMP, OCSP, CMC, CRMF, TSP, Qualified Certificates, LDAP v2 schema, use of FTP/HTTP, Diffie-Hellman POP |
Done | INFORMATIONAL RFCs for X.509 PKI policies and practices, use of KEA |
Done | Experimental RFC for Data Validation and Certification Server Protocols |
Done | Production of revised certificate and CRL syntax and processing RFC (son-of-2459) |
Done | DPD/DVP Requirements RFC |
Done | Certificate Policy & CPS Informational RFC (revision) |
Done | Logotype Extension RFC |
Done | Proxy Certificate RFC |
Mar 04 | SCVP proposed Standard RFC |
Jan 05 | Cert Path Building approved as Informational RFC |
Jan 05 | Certificate Store approved as Informational RFC |
Jan 05 | PKIX Repository approved as Informational RFC |
Feb 05 | ECC Algorithms approved as PROPOSED Standard RFC |
Mar 05 | CRMFbis approved as PROPOSED Standard RFC |
Mar 05 | SCVP approved as PROPOSED Standard RFC |
Mar 05 | Subject Identification Method as Informational RFC |
May 05 | OCSPv2 Extensions approved as PROPOSED Standard RFC |
Jun 05 | Progression of Qualified Certificates Profile RFC to DRAFT Standard |
Jun 05 | Progression of CMC RFCs to DRAFT Standard |
Jun 05 | Progression of Certificate & CRL Profile RFC to DRAFT Standard |
Jun 05 | Progression of Time Stamp Protocols RFC to DRAFT Standard |
Jul 05 | Progression of Logotype RFC to DRAFT Standard |
Jul 05 | Progression of Proxy Certificate RFC to DRAFT Standard |
Jul 05 | Progression of Attribute Certificate Profile RFC to DRAFT Standard |
Nov 05 | Progression of CRMF, CMP, and CMP Transport to DRAFT Standard |
Dec 05 | Progression of SCVP to DRAFT Standard |
RFC | Status | Title |
---|---|---|
RFC2459 | PS | Internet X.509 Public Key Infrastructure Certificate and CRL Profile |
RFC2510 | PS | Internet X.509 Public Key Infrastructure Certificate Management Protocols |
RFC2511 | PS | Internet X.509 Certificate Request Message Format |
RFC2527 | I | Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework |
RFC2528 | I | Internet X.509 Public Key Infrastructure Representation of Key Exchange Algorithm (KEA) Keys in Internet X.509 Public Key Infrastructure Certificates |
RFC2559 | PS | Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2 |
RFC2560 | PS | X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP |
RFC2585 | PS | Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP |
RFC2587 | PS | Internet X.509 Public Key Infrastructure LDAPv2 Schema |
RFC2797 | PS | Certificate Management Messages over CMS |
RFC2875 | PS | Diffie-Hellman Proof-of-Possession Algorithms |
RFC3029 | E | Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols |
RFC3039 | PS | Internet X.509 Public Key Infrastructure Qualified Certificates Profile |
RFC3161 | PS | Internet X.509 Public Key Infrastructure Time Stamp Protocols (TSP) |
RFC3279 | PS | Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and CRL Profile |
RFC3280 | PS | Internet X.509 Public Key Infrastructure Certificate and CRL Profile |
RFC3281 | PS | An Internet Attribute Certificate Profile for Authorization |
RFC3379 | I | Delegated Path Validation and Delegated Path Discovery Protocol Requirements |
RFC3628 | I | Policy Requirements for Time-Stamping Authorities |
RFC3647 | I | Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework |
RFC3709 | Standard | Internet X.509 Public Key Infrastructure: Logotypes in X.509 certificates |
RFC3739 | Standard | Internet X.509 Public Key Infrastructure: Qualified Certificates Profile |
RFC3770 | Standard | Certificate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN |
RFC3779 | Standard | X.509 Extensions for IP Addresses and AS Identifiers |
RFC3820 | Standard | Internet X.509 Public Key Infrastructure Proxy Certificate Profile |
RFC3874 | I | A 224-bit One-way Hash Function: SHA-224 |
PKIX WG Meeting 3/8/05
Edited by Steve Kent
Chairs: Stephen Kent <kent@bbn.com> & Tim Polk <tim.polk@nist.gov>

The PKIX WG met once during the 62nd IETF. A total of approximately 45 individuals participated in the meeting.

Document status - Tim Polk (NIST)
Five documents are in the RFC Editor's queue. One document was just approved by the IESG, and several more are in the IESG queue for review and approval. Several documents are stalled.

PKIX WG Document Presentations

Simple Certificate Validation Protocol (SCVP) - David Cooper (NIST)
Significant progress has been made towards rough consensus through the two drafts submitted since the last meeting; these drafts were submitted with significant enhancements. At this stage (rev 18) the editors are trying to determine whether the remaining comments suggesting changes have wide support and thus need to be accommodated. David noted some confusion regarding the semantics of the default validation policy part of the spec, which needs to be discussed on the list to resolve some ambiguities. Several "sense of the room" polls were taken, but the questions will be brought to the list for resolution.

3280bis - David Cooper (NIST)
A design team met in January to develop a -00 draft from an issues list compiled from PKIX mail messages and mail to the RFC 3280 editors. Draft -00 incorporates a number of clarifications and small changes designed to align with ISO and remove ambiguities, and a new section on comparing internationalized names. See the next presentation for details on internationalization of names. A question was raised as to whether this document should be used by an application to guide name matching rules when the application makes use of a name from a certificate to make an access control decision or an analogous determination. To first order, this document addresses matching rules only for name comparisons relative to path validation, e.g., for certificate chaining and for applying name constraints.

UTF8String Deployment and Migration - Akira Kanaoka (Secom/JNSA PKI Challenge Project)
This presentation reported on feedback received from a questionnaire on UTF8String deployment in Asia, i.e., to determine the extent to which CAs in Asia followed the RFC 3280 guidance on this topic, guidance that was rescinded in 3280bis! The survey was sent to Asia PKI Forum members in 9 countries, but got replies from 11 CAs in only 3 countries. All of the CAs that replied were government-funded, not private CAs. Responses indicate that most CAs use UTF8 when they need to represent names in other than their local character set. Another survey looked at MS Windows root certificate stores, as a measure of commercial CA migration, and here none of the root CAs had UTF8 encodings! Given the commercial CA situation, a migration plan is needed. The suggestion is to create an individual submission, an Informational RFC, to describe whatever migration strategy is developed, test cases, etc.

CRL Signer Certificates and AIA - Stefan Santesson (Microsoft)
Draft -00 of this new PKIX document was published after the last meeting. There has been moderate discussion on the list about this draft. About 5 major issues were identified. Responses have been proposed for each issue and, where appropriate, will be reflected in the next draft. One issue (choice of recommended referral methods) still remains, and will be addressed on the list.

Update on CRMF, CMC documents - Jim Schaad (Soaring Hawk)
This presentation reviewed the state of several related drafts and highlighted the controversies that remain. CRMF was forwarded to the RFC Editor a bit earlier than Jim had anticipated. Two OID assignments need to be changed, and the plan is to use the 48-hour author's review period to make these changes, after confirmation on the WG list. The CMC-based and transport documents are ready and will go out soon. The CMC compliance document will go out very soon. CMC archive has one issue to be resolved, dealing with the packaging of multiple keys retrieved from an escrow agent. Nonetheless, this document also will be republished and ready for last call very shortly.

Related Specifications & Liaison Presentations

LDAP schema definitions - Kurt Zeilenga (OpenLDAP)
The author of this individual submission has requested that the WG review and comment upon this draft. He intends to make a decision by the end of IETF#62 whether to recommend this revision for IESG consideration as a Proposed Standard. This document is intended to be published at the same time as the revised LDAP TS being developed by the LDAPBIS WG.

OCSP Data Interchange Format - John Hines (Tumbleweed)
The presenter will be submitting an individual draft defining a data interchange format for OCSP servers. The presentation described the problems that inspired this draft and invited WG participation, even though the document will not be a PKIX document. The goal is to eventually make this a standard, and Russ Housley explained the procedure for doing this via the individual submission path.