Draft Report of the May 11 TWG Meeting

[Bill Burr <william.burr@nist.gov>]

TWG Meeting Report 11 May 2000

The PKI TWG met on 11 May at NOAA in Silver Spring, MD.

Attendance
Vered Anikster, NDS Americas, Inc. 	Nelson Barry, Energy Dept.
Debb Blanchard, DST				Lawrence Bowen, HCFA
Richard Brown, XCERT			Bill Burr (TWG Chairman), NIST
Shu-jen Chang, NIST				Michael Chernick, NIST
David Cooper, NIST				Steve Elky, SPS
Paul Evans, WEMA Chal. 99/2000		Jim Fisher, Chesapeake Net. Sol.
William Flanigan, DoD/OSD			Chris Foran, nCipher
Christopher Francis, Raytheon		William A. Franklin, nCipher
Richard Friend, CSC				Sam Fuson, ORC
Paul Grabow, Fed. Reserve Board 		Ed Harrington, NEXOR
Jim Heimberg, General Dynamics 		Gene Hilborn, CSC
Matthew Hirsch, 				BAH	Pete Hogan, Cygnacom
William A. Johnston, CSC			Wankyung Kim, IMSI
Richard Kissel, NOAA			Ed Kosciuszko, State Dept.
Dinesh Kumar, SSA				John Kyler, NOAA
Michael Levy, SSA				Jan Lovorn, JL Information Systems
Zakir Mahmood, IMSI				Robert Malick, NIH 
Gene McDowell, Commerce - NOAA		Lynn McNulty, RSA Security
Kenice Middleton, FDIC			Kathy Mihalisko, Chesapeake Ntwk. Sol.
Eric Miller, DOJ				Micael Minogue, Navy Dept.
L. E. Morton, IBM 				Garrett Mussmann, Inf. Sec. Strat.
Randy M. Nash, State Dept.			Ahmad Noori, PEC
Jane Ohlmacher, SSA				Tim Polk, NIST
John Purcell, FMS/Treasury			Marion A. Royal, GSA/OGP
Robert W. Shirey, GTE 			Lloyd Smith, SSA 
Gib Sorebo, US House of Rep.		Mickey Tevelow, BAH
Stacey Toy, DOE				George Usher, CORBETT Tech.
Cathie Ward, Veterans Admin.		Kym Watkin-Statham, BAH
Kevin Williams, State Dept.		Mark Williamson, nCipher
Tony Wu, NOAA					Scott Wyckoff, Logicon



Agenda

1.	Introductions 
2.	Document registration
3.	Draft agenda review
4.	Liaison reports
- business group  
- legal group  
- steering committee  
- Directory Forum  
5.	A Digital Signature/workflow application
- John Dulka, CACI
6.	EMA Challenge Report (twg-00-19)
- Polk
7.	Certificate and CRL Profile (twg-00-18)
- Hirsch 
8.	Directory Interoperability Profile: 
- do we need one? 
- what should it do? 
9.	Advanced Encryption Standard Status (twg-00-20)
- Burr
10.	Next meeting's agenda items
11.	Other business
12.	Adjourn 


Discussion
*	John Dulka of CACI described a forms-based workflow application that CACI has developed for DoD procurement.  XFDL versions of forms such as DD 250s are coded in XFDL, an XML based forms language, developed by UWI.com and made available on a server.  The forms are made available on ordinary webservers and thin browser type clients are used with UWI plug-ins to sign the forms.  Workflow is provided through server-side JAVA servlets.  A ValiCert OCSP server is used to aggregate certificate status from different CAs in the DoD PKI and provide status checking; the servers use this status checking to verify the status of user certificates when signatures are validated.

*	Bill Burr gave a presentation (twg-00-20)  on the third Advanced Encryption Standard  (AES) conference held in New York City in April, following the Fast Software Encryption Conference.  About 250 people form 30 countries attended, including many of the world's best known cryptographers, and about 30 papers were presented (a number of the FSE papers were also relevant to the AES selection).  The AES will be a symmetric key block encryption algorithm that supports 128-bit blocks and 128, 192 and 256 bit keys.  It is intended to be secure for several decades at least.  The five AES finalists are MARS, RC6, Twofish, Serpent and Rijndael.  A good deal of performance data was presented, and the first data on hardware (FPGA & ASIC)implementations.  New "reduced round" analytical results were presented on Rijndael and MARS. The strong consensus of the participants that NIST should pick only one AES winner (perhaps with a cold backup).  Many individuals seemed to think that any of the five finalists would be at least an adequate choice.  The greatest concern expressed was about patents, or "intellectual property attacks," since the hope is to have an algorithm that is available royalty free, worldwide.  NIST plans to announce the winner in late summer of the early fall.

*	Tim Polk presented (twg-99-00) a summary of the results of the Bridge CA Demo at the EMA conference in Boston in April.  The BCA demo was a success and the booth was one of the most popular at the show.  The prototype BCA became operational Feb 8, and included 2 CA's "within the membrane."   These were cross certified with 6 separate PKI domains (DoD/NSA demonstration BCA , NASA, Georgia Tech. Research Institute, NIST and the Government of Canada test PKI), a total of about 20 CAs in all, from five vendors.  Six different X.500 DSAs from 4 vendors were connected via X.500 DSP chining through the BCA directory.  Client directory access was through LDAP.  Two S/MIME v3 clients were used to build and validate certification paths from directories and paths as long as 5 or 6 certificates were demonstrated.  Only signed e-mail was demonstrated, encryption will be done in a follow-on effort.  

This was undoubtedly the most complex multi CA, mult-vendor PKI yet demonstrated, and the demos was highly successful.  A number of interoperability glitches were discovered, including one caused by different interpretations of the X.509 standard and the Basic Constraints extension, and this may result in a defect report against X.509.

Paul Evans gave a short update on EMA demo plans to extend the WEMA challenge 2000 to include other commercial PKIs with their own Bridge CAs.  Contact Paul (paul.evans@wema.org) for more information or to participate.

*	Matt Hirsch discussed the FPKI profile(twg-00-18).  It is an Excel spreadsheet that includes separate detailed profiles for self-signed CA certificates, BCA certificates, other CA certificates, end entity signature certificates, end entity key management certificates and CRLs.  Every field of each type of certificate is separately specified in a row of the spreadsheet, allowing very explicit and detailed specification.  We believe that the profile is consistent with the RFC 2459 (PKIX) profile.  One area of concern is the appropriate variant of RSA to use and specify.  Most commercial products today use the PKCS#1 format for RSA, while Federal Information Processing Standard (FIPS) specifies X9.31 (a financial services industry ANSI standard), with an 18-month transition period.  The two formats are not compatible, and X9.31 has other requirements to use and test for "strong primes."  A new version of PKCS#1 may also be adopted by X9.  We will schedule a future discussion of RSA OIDs, and attempt to get participants who are more knowledgeable about the alternatives.

*	There was a discussion of directory issues and the need for a "directory profile."  We will take the issue to the list, and consider establishing an ad hoc group focused on directory issues.  It seems clear that directories are a major concern with PKI.  Marion Royal pointed out that the USGOLD project had designed a directory schema for the US government, and offered to provide the USGOLD design document to bill Burr, who will  make them available on the TWG website.

*	Michelle Borzillo, chair of the Legal Policy WG had requested (http://www.nist.gov/itl/div896/emaildir/pki-twg/msg00131.html) that the TWG consider drafting an application form application form for the Policy Authority for agencies to use when seeking to interoperate with the BCA.  She felt that this would be more a technical than a legal or policy document.  The immediate reaction in the meeting was to ask, what would the technical content be that would not be included in the applicant's CPS?  One possible answer would be information about directory interoperability.

Next meeting
The next TWG meeting will be Wednesday 7 June at NIST North in Gaithersburg, MD.

Numbered TWG documents listed above can be found at  http://csrc.nist.gov/pki/twg/y2000/doc_reg_00.htm.


Regards,

Bill Burr