PEM WG Meeting Minutes
The PEM WG met once during the Boston IETF meeting. Various
topics relative to the documents which will supersede RFCs 1113-1115
were discussed and resolved. The consensus of the attendees was
that, when the changes discussed in this meeting have been executed,
the resulting I-Ds will be ready for submission as proposed standard
RFCs. The authors of RFCs 1113 and 1114 were present at the meeting
and agreed to make the requisite changes by the end of July. The
expectation is that the changes to RFC 1115 are very minor and also
can be effected by the end of July. No modifications to the FORMS
I-D were identified, and so that document also should be ready by the
end of July.
The identified changes to be made to the documents are
described below:
- Any certificate emitted by a PEM implementation shall use
the object identifier for RSA (see Annex G of X.509) to identify an
RSA public key carried in the SubjectPublicKeyInfo field. However,
PEM implementations shall accept both this object identifier and the
"RSAEncryption" object identifier (from PKCS) in this field in
"received" certificates, e.g., certificates in incoming PEM messages.
- The term "Internet Certificate Authority" will be changed
to "Internet Policy Registration Authority" throughout RFC 1114bis.
- A new field, "Content-Domain", will be added to the PEM
header. This field will be used to specify the type of content which
has been protected by PEM and thus which "UA" should be invoked after
PEM processing has been effected upon a received message. This
provides a facility for future carriage of data types other than
simple RFC 822 mail, e.g., MIME, X.400, etc. This field must appear
exactly once in the message, immediately after Proc-Type. The initial
parameter value permitted for this field is "RFC-822" and will be so
specified in RFC 1115bis.
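As an added illustration (not part of these minutes or of any PEM implementation), the following Python checker enforces the Content-Domain rule from the item above: the field must appear exactly once, immediately after Proc-Type, with the permitted value "RFC-822". The boundary line, the "Field: value" syntax and the sample header are assumptions modelled on the RFC 1113-style encapsulated header.

```python
from __future__ import annotations

# Initial permitted Content-Domain value, as decided at the meeting.
PERMITTED_CONTENT_DOMAINS = {"RFC-822"}

# Constructed sample header (assumed layout, not taken from a real message).
SAMPLE_HEADER = (
    "-----BEGIN PRIVACY-ENHANCED MESSAGE-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "Content-Domain: RFC-822\n"
    "DEK-Info: DES-CBC,0123456789ABCDEF\n"
    "\n"
    "...encapsulated text...\n"
)


def parse_header_fields(message: str) -> list[tuple[str, str]]:
    """Return (name, value) pairs for the encapsulated header fields.

    Lines after the BEGIN boundary up to the first blank line are header
    fields; lines starting with whitespace are folded into the previous field.
    """
    fields: list[tuple[str, str]] = []
    in_header = False
    for line in message.splitlines():
        if line.startswith("-----BEGIN PRIVACY-ENHANCED MESSAGE-----"):
            in_header = True
            continue
        if not in_header:
            continue
        if line.strip() == "":
            break                       # blank line ends the header
        if line[:1].isspace() and fields:
            name, value = fields[-1]    # folded continuation line
            fields[-1] = (name, value + " " + line.strip())
            continue
        name, _, value = line.partition(":")
        fields.append((name.strip(), value.strip()))
    return fields


def check_content_domain(message: str) -> list[str]:
    """Return the rule violations found in the header (empty list = compliant)."""
    fields = parse_header_fields(message)
    names = [n for n, _ in fields]
    problems: list[str] = []
    count = names.count("Content-Domain")
    if count != 1:
        problems.append(f"Content-Domain appears {count} times, expected exactly 1")
    if not names or names[0] != "Proc-Type":
        problems.append("Proc-Type is not the first header field")
    if count >= 1 and (len(names) < 2 or names[1] != "Content-Domain"):
        problems.append("Content-Domain does not immediately follow Proc-Type")
    for name, value in fields:
        if name == "Content-Domain" and value not in PERMITTED_CONTENT_DOMAINS:
            problems.append(f"unsupported Content-Domain value {value!r}")
    return problems
```

Run `check_content_domain(SAMPLE_HEADER)` to see an empty list for the compliant sample; a header with the field missing, duplicated, misplaced or carrying an unknown value yields one message per violation.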
The WG agreed to make integration of PEM with MIME the next
major work item, to be addressed on the PEM-DEV list and in future
IETF meetings. It was agreed that this is a non-trivial task which
will require careful study. There is a very strong desire from a
variety of Internet community members to proceed with deployment of
PEM for use with "vanilla" RFC 822 mail, hence this decision to make
PEM-MIME integration a new work item rather than delaying progress of
the current set of I-Ds. In recognition of this approach to
accommodating MIME, RFC 1113bis will be revised to make explicit that
it is a specification of core PEM functions plus use of PEM with RFC
822 mail, and that subsequent RFCs will address use of the core PEM
functions with other mail systems, e.g., MIME, X.400, etc.
There was a discussion of issues related to deployment of
PEM, summarized below:
- The PEM specification documents should all be ready for
advancement by the end of July.
- TIS should be able to quickly accommodate the very minor
change to the PEM header decided upon at this meeting, so
availability of the reference implementation should not be
substantially affected by the decisions at this meeting.
- TIS and RSADSI have executed the license agreement necessary
for Internet distribution of PEM.
- The Internet Society is making preparations to instantiate
its role as an Internet Policy Registration Authority. MIT has
developed software that implements the CRL service defined in FORMS
and which needs to be operated by the IPRA. Steve Kent has provided
a strawman algorithmic description of processing for the DN conflict
resolution database, another database which the IPRA will operate.
- TIS and RSADSI have approached the IPRA about establishing
PCAs, and RSADSI has recently distributed, via PEM-DEV, a candidate
policy statement for a PERSONA PCA.
It was suggested that an FYI on how prospective PEM users
"get started" would be a useful document, once PEM deployment has
progressed. This would augment the PCA policy statements which will
be published as informational RFCs. It also was suggested that a PEM
implementors' BOF might be scheduled for the next IETF, based on
expectations for PEM deployment progress during the next 6 months.