Editor's Note:  Minutes received 7/17 - attendee list will be appended later.


Reported by Steve Kent/BBN

Minutes of the Privacy-Enhanced Mail Working Group (PEM)

The PEM Working Group met once during the Boston IETF meeting.  Various
topics relative to the documents which will supersede RFCs 1113-1115
were discussed and resolved.  The consensus of the attendees was that,
when the changes discussed in this meeting have been executed, the
resulting Internet Drafts will be ready for submission as Proposed
Standard RFCs.  The authors of RFCs 1113 and 1114 were present at the
meeting and agreed to make the requisite changes by the end of July.
The expectation is that the changes to RFC 1115 are very minor and also
can be effected by the end of July.  No modifications to the FORMS
Internet Draft were identified, so that document also should be ready by
the end of July.

The identified changes to be made to the documents are described below:


   o Any certificate emitted by a PEM implementation shall use the
     object identifier for RSA (see Annex G of X.509) to identify an RSA
     public key carried in the SubjectPublicKeyInfo field.  However, a
     PEM implementation shall accept both this object identifier and the
     ``RSAEncryption'' object identifier (from PKCS) in this field in
     ``received'' certificates, e.g., certificates in incoming PEM
     messages.

   o The term ``Internet Certificate Authority'' will be changed to
     ``Internet Policy Registration Authority'' throughout RFC 1114bis.

   o A new field, ``Content-Domain'', will be added to the PEM header.
     This field will be used to specify the type of content which has
     been protected by PEM and thus what ``UA'' should be invoked after
     PEM processing has been effected upon a received message.  This
     provides a facility for future carriage of data types other than
     simple RFC 822 mail, e.g., MIME, X.400, etc.  This field must
     appear exactly once in the message, immediately after Proc-Type.
     The initial parameter value permitted for this field is ``RFC-822''
     and will be so specified in RFC 1115bis.


The Working Group agreed to make integration of PEM with MIME the next
major work item to be addressed on the PEM-DEV list and in future IETF
meetings.  It was agreed that this is a non-trivial task which will
require careful study.  There is a very strong desire from a variety of
Internet community members to proceed with deployment of PEM for use
with ``vanilla'' RFC 822 mail, hence this decision to make PEM-MIME
integration a new work item rather than delaying progress of the current
set of Internet Drafts.  In recognition of this approach to
accommodating MIME, RFC 1113bis will be revised to make explicit that it
is a specification of core PEM functions plus use of PEM with RFC 822
mail, and that subsequent RFCs will address use of the core PEM
functions with other mail systems, e.g., MIME, X.400, etc.

There was a discussion of issues related to deployment of PEM,
summarized below:


   o The PEM specification documents should all be ready for advancement
     by the end of July.

   o TIS should be able to quickly accommodate the very minor change to
     the PEM header decided upon at this meeting, so availability of the
     reference implementation should not be substantially affected by
     the decisions at this meeting.

   o TIS and RSADSI have executed the license agreement necessary for
     Internet distribution of PEM.

   o The Internet Society is making preparations to instantiate its role
     as an Internet Policy Registration Authority.  MIT has developed
     software that implements the CRL service defined in FORMS and which
     needs to be operated by the IPRA.  Steve Kent has provided a
     strawman algorithmic description of processing for the DN conflict
     resolution database, another database which the IPRA will operate.

   o TIS and RSADSI have approached the IPRA about establishing PCAs,
     and RSADSI has recently distributed, via PEM-DEV, a candidate
     policy statement for a PERSONA PCA.


It was suggested that an FYI on how prospective PEM users ``get
started'' would be a useful document, once PEM deployment has
progressed.  This would augment the PCA policy statements which will be
published as informational RFCs.  It also was suggested that a PEM
implementors' BOF might be scheduled for the next IETF, based on
expectations for PEM deployment progress during the next 6 months.