Public-Key Infrastructure (X.509) (pkix)
----------------------------------------
Charter
Last Modified: 2006-12-27
Current Status: Active Working Group
Chair(s):
Stephen Kent <[email protected]>
Stefan Santesson <[email protected]>
Security Area Director(s):
Russ Housley <[email protected]>
Sam Hartman <[email protected]>
Security Area Advisor:
Russ Housley <[email protected]>
Mailing Lists:
General Discussion:
[email protected]
To Subscribe:
[email protected]
In Body: subscribe
Archive:
http://www.imc.org/ietf-pkix
Description of Working Group:
The PKIX Working Group was established in the Fall of 1995 with the
intent of developing Internet standards needed to support an
X.509-based PKI. The scope of PKIX work has expanded beyond this
initial goal. PKIX not only profiles ITU PKI standards, but also
develops new standards apropos to the use of X.509-based PKIs in the
Internet.
PKIX has produced several informational and standards track documents
in support of the original and revised scope of the WG. The first of
these standards, RFC 2459, profiled X.509 version 3 certificates and
version 2 CRLs for use in the Internet. Profiles for the use of
Attribute Certificates (RFC XXXX [pending]), LDAP v2 for certificate
and CRL storage (RFC 2587), the Internet X.509 Public Key
Infrastructure Qualified Certificates Profile (RFC 3039), and the
Internet X.509 Public Key Infrastructure Certificate Policy and
Certification Practices Framework (RFC 2527 - Informational) are in
line with the initial scope.
The Certificate Management Protocol (CMP) (RFC 2510), the Online
Certificate Status Protocol (OCSP) (RFC 2560), the Certificate Request
Message Format (CRMF) (RFC 2511), Certificate Management Messages over
CMS (CMC) (RFC 2797), the Internet X.509 Public Key Infrastructure Time
Stamp Protocols (TSP) (RFC 3161), and the use of FTP and HTTP for
transport of PKI operations (RFC 2585) are representative of the
expanded scope of PKIX, as these are new protocols developed in the
working group, not profiles of ITU PKI standards.
A roadmap, providing a guide to the growing set of PKIX documents, has
also been developed as an informational RFC.
Ongoing PKIX Work items
An ongoing PKIX task is the progression of existing, standards track
RFCs from PROPOSED to DRAFT. Also, to the extent that PKIX work
relates to protocols from other areas, e.g., LDAP, it is necessary to
track the evolution of the other protocols and produce updated
RFCs. For example, the LDAP v2 documents from PKIX are evolving to
address LDAP v3. Finally, since the profiling of X.509 standards for
use in the Internet remains a major focus, the WG will continue to
track the evolution of these standards and incorporate changes and
additions as appropriate.
New Work items for PKIX
- production of a requirements RFC for delegated path discovery and
path validation protocols (DPD/DPV) and subsequent production of
RFCs for protocols that satisfy the requirements
- development of a logotype extension for certificates
- development of a proxy certificate extension and associated
processing rules
- development of an informational document on PKI disaster recovery
These work items may become standards track, INFORMATIONAL or
EXPERIMENTAL RFCs, or may not even be published as RFCs.
Other deliverables may be agreed upon as extensions are proposed.
New deliverables must be approved by the Security Area Directors
before inclusion on the charter or IETF meeting agendas.
Goals and Milestones:
Done Complete approval of CMC, and qualified certificates documents
Done Complete time stamping document
Done Continue attribute certificate profile work
Done Complete data certification document
Done Complete work on attribute certificate profile
Done Standard RFCs for public key and attribute certificate
profiles, CMP, OCSP, CMC, CRMF, TSP, Qualified Certificates,
LDAP v2 schema, use of FTP/HTTP, Diffie-Hellman POP
Done INFORMATIONAL RFCs for X.509 PKI policies and practices, use of
KEA
Done Experimental RFC for Data Validation and Certification Server
Protocols
Done Production of revised certificate and CRL syntax and processing
RFC (son-of-2459)
Done DPD/DPV Requirements RFC
Done Certificate Policy & CPS Informational RFC (revision)
Done Logotype Extension RFC
Done Proxy Certificate RFC
Done Cert Path Building approved as Informational RFC
Done CRMFbis approved as PROPOSED Standard RFC
Done CMPbis approved as PROPOSED Standard RFC
Done Principal Identifier approved as PROPOSED Standard RFC
Done Warranty Extensions approved as Informational RFC
Done Certificate Store approved as Informational RFC
Done PKIX Repository approved as Informational RFC
Done Subject Identification Method as Informational RFC
Done GOST Cryptographic Algorithms (RFC 4491)
Done Update to DirectoryString Processing for RFC 3280
Done Attribute Certificate Policies approved as PROPOSED Standard
(RFC 4476)
Oct 2006 Update to CMC approved as PROPOSED Standard
Mar 2007 Progression of CMC RFCs to DRAFT Standard
Mar 2007 Progression of Time Stamp Protocols RFC to DRAFT Standard
Apr 2007 Progression of CRMF, CMP, and CMP Transport to DRAFT Standard
Apr 2007 Progression of Qualified Certificates Profile RFC to DRAFT
Standard
Apr 2007 Progression of Certificate & CRL Profile RFC to DRAFT Standard
Apr 2007 Progression of Logotype RFC to DRAFT Standard
Apr 2007 SCVP approved as PROPOSED Standard RFC
Apr 2007 ECC Algorithms approved as PROPOSED Standard RFC
May 2007 Progression of Proxy Certificate RFC to DRAFT Standard
May 2007 Progression of Attribute Certificate Profile RFC to DRAFT
standard
Internet-Drafts:
Posted Revised I-D Title <Filename>
------ ------- --------------------------------------------
Jun 1999 Jan 2007 <draft-ietf-pkix-scvp-31.txt>
Server-based Certificate Validation Protocol (SCVP)
Mar 2001 Mar 2006 <draft-ietf-pkix-2797-bis-04.txt>
Certificate Management Messages over CMS
Jul 2001 May 2006 <draft-ietf-pkix-cmc-trans-05.txt>
Certificate Management over CMS (CMC) Transport Protocols
Jul 2001 Mar 2006 <draft-ietf-pkix-cmc-compl-03.txt>
CMC Compliance Document
Aug 2004 Oct 2006 <draft-ietf-pkix-ecc-pkalgs-03.txt>
Additional Algorithms and Identifiers for use of Elliptic Curve
Cryptography with PKIX
Oct 2004 Feb 2007 <draft-ietf-pkix-lightweight-ocsp-profile-08.txt>
Lightweight OCSP Profile for High Volume Environments
Apr 2005 Dec 2006 <draft-ietf-pkix-rfc3280bis-07.txt>
Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile
Sep 2005 Dec 2006 <draft-ietf-pkix-srvsan-04.txt>
Internet X.509 Public Key Infrastructure Subject Alternative
Name for expression of service name
Request For Comments:
RFC Stat Published Title
------- -- ----------- ------------------------------------
RFC2459 PS Jan 1999 Internet X.509 Public Key Infrastructure Certificate and
CRL Profile
RFC2510 PS Mar 1999 Internet X.509 Public Key Infrastructure Certificate
Management Protocols
RFC2511 PS Mar 1999 Internet X.509 Certificate Request Message Format
RFC2527 I Mar 1999 Internet X.509 Public Key Infrastructure Certificate
Policy and Certification Practices Framework
RFC2528 I Mar 1999 Internet X.509 Public Key Infrastructure Representation
of Key Exchange Algorithm (KEA) Keys in Internet X.509
Public Key Infrastructure Certificates
RFC2559 PS Apr 1999 Internet X.509 Public Key Infrastructure Operational
Protocols - LDAPv2
RFC2585 PS May 1999 Internet X.509 Public Key Infrastructure Operational
Protocols: FTP and HTTP
RFC2587 PS Jun 1999 Internet X.509 Public Key Infrastructure LDAPv2 Schema
RFC2560 PS Jun 1999 X.509 Internet Public Key Infrastructure Online
Certificate Status Protocol - OCSP
RFC2797 PS May 2000 Certificate Management Messages over CMS
RFC2875 PS Jul 2000 Diffie-Hellman Proof-of-Possession Algorithms
RFC3039 PS Jan 2001 Internet X.509 Public Key Infrastructure Qualified
Certificates Profile
RFC3029 E Feb 2001 Internet X.509 Public Key Infrastructure Data Validation
and Certification Server Protocols
RFC3161 PS Aug 2001 Internet X.509 Public Key Infrastructure Time Stamp
Protocols (TSP)
RFC3279 PS May 2002 Algorithms and Identifiers for the Internet X.509 Public
Key Infrastructure Certificate and CRL Profile
RFC3280 PS May 2002 Internet X.509 Public Key Infrastructure Certificate and
CRL Profile
RFC3281 PS May 2002 An Internet Attribute Certificate Profile for
Authorization
RFC3379 I Sep 2002 Delegated Path Validation and Delegated Path Discovery
Protocol Requirements
RFC3628 I Nov 2003 Policy Requirements for Time-Stamping Authorities
RFC3647 I Nov 2003 Internet X.509 Public Key Infrastructure Certificate
Policy and Certification Practices Framework
RFC3709 PS Feb 2004 Internet X.509 Public Key Infrastructure: Logotypes in
X.509 certificates
RFC3739 PS Mar 2004 Internet X.509 Public Key Infrastructure: Qualified
Certificates Profile
RFC3770 PS May 2004 Certificate Extensions and Attributes Supporting
Authentication in PPP and Wireless LAN
RFC3779 PS Jun 2004 X.509 Extensions for IP Addresses and AS Identifiers
RFC3820 PS Jul 2004 Internet X.509 Public Key Infrastructure Proxy
Certificate Profile
RFC3874 I Sep 2004 A 224-bit One-way Hash Function: SHA-224
RFC4059 I May 2005 Internet X.509 Public Key Infrastructure Warranty
Certificate Extension
RFC4043 PS May 2005 Internet X.509 Public Key Infrastructure Permanent
Identifier
RFC4055 PS Jun 2005 Additional Algorithms and Identifiers for RSA
Cryptography for use in the Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation
List (CRL) Profile
RFC4158 I Sep 2005 Internet X.509 Public Key Infrastructure: Certification
Path Building
RFC4210 PS Oct 2005 Internet X.509 Public Key Infrastructure Certificate
Management Protocols
RFC4211 PS Oct 2005 Internet X.509 Public Key Infrastructure Certificate
Request Message Format (CRMF)
RFC4325 PS Dec 2005 Internet X.509 Public Key Infrastructure Authority
Information Access Certificate Revocation List (CRL)
Extension
RFC4334 PS Feb 2006 Certificate Extensions and Attributes Supporting
Authentication in Point-to-Point Protocol (PPP) and
Wireless Local Area Networks (WLAN)
RFC4386 E Feb 2006 Internet X.509 Public Key Infrastructure Repository
Locator Service
RFC4387 PS Feb 2006 Internet X.509 Public Key Infrastructure Operational
Protocols: Certificate Store Access via HTTP
RFC4476 PS May 2006 Attribute Certificate (AC) Policies Extension
RFC4491 PS May 2006 Using the GOST R 34.10-94, GOST R 34.10-2001 and GOST R
34.11-94 algorithms with the Internet X.509 Public Key
Infrastructure Certificate and CRL Profile.
RFC4630 PS Aug 2006 Update to DirectoryString Processing in the Internet
X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile
RFC4683 PS Oct 2006 Internet X.509 Public Key Infrastructure Subject
Identification Method (SIM)