Re: Revised draft charter

[Stephen Kent <kent@xxxxxxx>]

Title: Re: Revised draft charter

Sean,

I made some suggested edits, and inserted a couple of comments, in red.

Steve

----

Security Area Director(s):

-  Tim Polk <tim.polk@xxxxxxxx>
-  Sam Hartman <hartmans-ietf@xxxxxxx>

Security Area Advisor:

TBD

Mailing Lists:

General Discussion: ietf-trust-anchor@xxxxxxxx
To Subscribe: http://www.vpnc.org/ietf-trust-anchor/
Archive: http://www.vpnc.org/ietf-trust-anchor/mail-archive/

Description of Working Group:

The need for a standard protocol for trust anchor management has been recognized for some time.  Many groups within the IETF, including PKIX, Kerberos, TLS and SIDR have a dependency on trust anchors, yet provide no generic mechanism for the their management.

A trust anchor represents an authoritative entity via a public key and associated data. <deleted redundant definition> The public key is used to verify digital signatures and the associated data is used to constrain the types of information for which the trust anchor is authoritative.  Relying parties use trust anchors to determine if digitally signed objects are valid by verifying digital signatures using the trust anchor's public key and by enforcing the constraints expressed in the associated data.

Despite the wide-spread use of trust anchors, there is no standard means for managing these security-critical data.  This Working Group will develop a specification to fill this gap.

The initial problem statement for this work is to be based on:

- draft-wallace-ta-mgmt-problem-statement

The scope of the work is to include:

- Supporting a single trust anchor administrator <no definition of a TAA>, such as in a typical   enterprise, who may be administering multiple trust anchors in her domain
- Supporting multiple trust anchor administrators, such as is typical for home  users
- Supporting systems with limited or no user interface
- Supporting devices that may or many not be connected to the Internet at the time of management (e.g., relying on physical delivery of trust anchor management messages)

The following are out of scope of this work:

- Supporting systems with limited or no user interface <contradicts bullet above!>
- Supporting devices that may or many not be connected to the Internet at the time of management <contradicts bullet above!>

The deliverables will be:

- An informational problem statement/requirements specification for a trust anchor management protocol
- A standards track trust anchor management protocol specification

Goals and Milestones:

+6 months                 WG last call on problem statement/requirements
+9 months                 Adoption of WG draft protocol spec.
+15 months                WG last call for protocol spec.