Search This Blog

Wednesday, February 6, 2008

Proposed Recharter of IETF Public-Key Infrastructure (X.509 PKIX) WG

The IESG Secretary announced the availability of a proposed modified
charter submitted for the Public-Key Infrastructure (X.509) PKIX
working group in the Security Area of the IETF. The IESG has not made
any determination as yet. As proposed: "The PKIX Working Group was
established in the fall of 1995 with the goal of developing Internet
standards to support X.509-based Public Key Infrastructures (PKIs).
Initially PKIX pursued this goal by profiling X.509 standards developed
by the CCITT (later the ITU-T). Later, PKIX initiated the development
of standards that are not profiles of ITU-T work, but rather are
independent initiatives designed to address X.509-based PKI needs in
the Internet. Over time this latter category of work has become the
major focus of PKIX work, i.e., most PKIX-generated RFCs are no longer
profiles of ITU-T X.509 documents. PKIX has produced a number of
standards track and informational RFCs... PKIX will continue to track
the evolution of ITU-T X.509 documents, and will maintain compatibility
between these documents and IETF PKI standards, since the profiling of
X.509 standards for use in the Internet remains an important topic for
the working group... PKIX will pursue new work items in the PKI arena
if working group members express sufficient interest, and if approved
by the cognizant Security Area director. For example, certificate
validation under X. 509 and PKIX standards calls for a relying party
to use a trust anchor as the start of a certificate path. Neither X.509
nor extant PKIX standards define protocols for the management of trust
anchors. Existing mechanisms for managing trust anchors, e.g., in
browsers, are limited in functionality and non-standard. There is
considerable interest in the PKI community to define a standard model
for trust anchor management, and standard protocols to allow remote
management. Thus a future work item for PKIX is the definition of such
protocols and associated data models.

1 comment:

Anonymous said...

this is great informative stuff, i really like it, and now i am studying it all, great stuff man, keep it up, we really appreciate this effort