XML Key Management Services WG

DRAFT 1st October 2002 XKMS Teleconference Minutes
Chairs: Stephen Farrell, Shivaram Mysore
Note Takers: Joseph Reagle and Stephen Farrell

Participants

1. Shivaram Mysore, Sun Microsystems
2. Stephen Farrell, Baltimore
3. Mike Just, Entrust
4. Phill Hallam-Baker, Verisign
5. Yassir Elley, Sun Microsystems
6. Joseph Reagle, W3C
7. Peter Rostin, RSA Security
8. Brian LaMacchia, Microsoft
9. Frederick Hirsch

Regrets

1. Ed Simon, XMLsec Inc

Status Update

1. Charter update done and sent to W3C Domain Leader. Changes include new timelines for deliverables and inclusion of new boiler plate for IPR + minor cosmetic changes.
2. [11:34:19] Mysore: new charter has gone to W3C Domain Leader, should go to AC next.
3. Specification has been split into 2 parts and info regarding WSS has been removed from part II
4. Mike Just/Phill - could you please send updated issues list to be posted on the web - once a week or 15 days with a new version of the spec atleast for the next 3-4 weeks so that we can wrap this up.
5. Clarification from Phill needed regarding Action item 2 of the F2F minutes about what exactly needs to be sent to WSS TC from XKMS group.
6. [11:34:42] Phil: nothing has been sent to ws-sec yet, we should get the protocol doc more in shape before we do anything

XKMS Specification V2.0 DRAFT (Sept 26, 2002) - Phill Hallam-Baker

1. [11:37:53] ISSUE 20: what to do with status element?
2. [11:39:34] Phil: overall status needs to be invalid if any of the constituents are.
3. [11:40:11] reason codes are informational.
4. [11:41:43] status value is required, and the normative information
5. [11:42:03] stephen: what happens if one processes them, and another doesn't, and they get different results.
6. [11:42:42] phil: the reason code sets an upper bound on what you can return in the status value
7. [11:43:24] stephen: not sure if that's approriate...
8. [11:45:49] peter: how do you combine the returns from different services?
9. [11:47:25] stephen: ACTION phil: phil will rewrite the text for the client status processing algorithm
10. [11:48:10] stephen: we need the algorithm to be implementable and determinent (consistent answers)
11. [11:49:15] ISSUE 22: calling multiple requests a compound requests.
12. [11:50:30] stephen: are we merging xbulk functionality...
13. [11:50:54] phil: we agreed at the F2F that we would merge their schemas, and create a profile for smartcard sort of operations
14. [11:51:10] stephen: but a xkms specification doesn't have to support bulk operations?
15. [11:51:31] phil: yes, not every service would have to support this.
16. [11:54:42] phil: section 2.1 needs some text that makes it clear that compound request is not supported
17. [11:57:45] brian: we do want multiple requests, though we presumed that multiple requests would come along without a extra ancestor element.
18. [11:58:13] phil: probably useful to have a new root with a whole message body, in ws-sec.
19. [12:01:20] how to show correlation between the requests and responses?
20. [12:02:05] reagle: if multiple requests with multiple optional feature, and you get a response of "feature not supported" do you know which one it corresponds to
21. [12:02:34] stephen: sounds similar to existing technology in which I've seen very little interop on this point.
22. [12:06:18] stephen: in pkix this was all included and eventually they had to write appendix C to profile it all.
23. [12:09:05] brian: will you ban asynchronous on the compound, and synchronous on the individual requests?
24. [12:12:53] reagle: I'm concerned that the asynchronous multiple requests will be complex and hairy
25. [12:13:21] reagle: in which case, what requires us to take all of these things on together? can the scary stuff be isolated?/
26. [12:13:46] phil: more specs fail by punting, look at dns-sec
27. [12:14:47] yassir: with the id and nonces, do you plan to protect against compound replay attacks and the singular ones?
28. [12:15:23] phil: that's an argument for keeping it together, because the protocol document is going to have to address these issues.
29. [12:17:26] (discussion: how often would someoen have to use the same private key once over multiple proof's of posession)
30. [12:17:52] brian: each one of these requests need to be processed as if they are distinct, one proof of posession can't work over all of them.
31. [12:19:13] yassir: what is the meaning of multiple service URIs within their compound then.
32. [12:20:02] phil: the service URI of the compound corresponds to the compound service
33. [12:20:44] ACTION phil: will generate some text on this, but I need an answer to the question of when we are compounding requests, do we want to support 3 of one kind, and 4 of another.
34. [12:21:34] reagle: are these things, locates, validates?
35. [12:21:42] phil: also XKISS and KRSS, register, etc.
36. [12:22:34] reagle: try to keep these things simple
37. [12:24:56] stephen: no argument against all of the same type.
38. [12:25:03] brian: i would argue against that.
39. [12:25:09] stephen: use case?
40. [12:25:41] brian: why add complexity to to the parse rules. doesn't make the server's job easier.
41. [12:25:57] brian: i can image use cases with multiple register and a validate together.
42. [12:26:47] stephen: we have two use cases of doing multiple locates (for decrypting email) or multiple registries.
43. [12:27:11] stephen: my experience with CMP and CMC shows this can get complex.
44. [12:29:55] brian: we need to think about network connections, i might be a large company that is going to batch a whole slew of requests
45. [12:31:20] frederick: we need to be clear that there's no ordinality within the constituent requests.
46. [12:31:48] stephen: i've never seen interop on this.
47. [12:35:27] phil: let me propose the text and then we can take pot shots at it
48. [12:37:53] ISSUE 30: Policy URI.
49. [12:38:21] phil: tweaks to the schema: can be on a locate or validate, can also occur on any prototypes and queries.
50. [12:38:37] phil: what happens if you specify more than one policy URI?
51. [12:44:31] stephen: are URIs sufficient, or does it need to be more extensible.
52. [12:51:12] phil: I'll propose some text and if we can't get agreement will go with restricting it to 1
53. [12:51:21] ISSUE 31: redesign of ANY
54. [12:52:42] no comments.
55. [12:53:52] ISSUE32: RespondWith, does someone have a better idea for the names fo the elements.
56. [12:53:57] Phil: will send back out to the list.
57. [12:54:32] ISSUE32: proposal to querykeybinding, to keybindingquery, phil doesn't want to do this because most of the name are little endian
58. [12:55:02] ISSUE51: X509 attributes, where to put them in?
59. [12:55:26] how does someone reply with extended key usage
60. [12:56:07] earlier we said we wanted to avoid leaks from x509
61. [12:56:49] call agrees: we don't want specific x509 data structures we want leaking over.
62. [13:03:14] Another call in two weeks.
63. [13:03:28] Mike will process the issues list with what's been done.
64. ISSUE 61: Should be put a "Do not" in front of the proposed resolution (ACTION SF to send mail to Blake)
65. ACTION Phill: send another draft of the spec in a week's time.

Next Telecon

• Probable Dates: October 17 or 18, 2002; Probable Time: 12:30 - 14:00 UTC