Nist Staff Member Co-Chairs Working Group Of The Internet Engineering Task Force - Brief Article

Journal of Research of the National Institute of Standards and Technology, Sept, 2000

A NIST staff member recently was selected as co-chair of the Public Key Infrastructure Using X.509 (PKIX) Working Group of the Internet Engineering Task Force (IETF). The IETF is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It is open to any interested individual. The IETF develops the protocols and standards needed to support the Internet. The actual technical work of the IETF is done in its working groups, which are organized by topic into several areas (e.g., routing, transport, security, etc.).

The PKIX Working Group was established in the fall of 1995 to develop Internet standards supporting an X.509-based public key infrastructure (PKI). Since its inception, the IETF has developed 11 standards refining and augmenting the X.509 certificate standard to meet the requirements for an Internet X.509 PKI. These standards include a profile of the X.509 version 3 certificates and version 2 certificate revocation lists (CRLs), protocols for issuing and revoking certificates, online certificate status mechanisms, protocols for retrieving certificates and CRLs from LDAP, FTP, and HTTP servers, and guidance for authors of certificate policies. These PKIX specifications are widely used by industry as the basis for product development.

PKIX is now focusing on additional standards work to develop protocols that are either integral to PKI management or that are otherwise closely related to PKI use. PKIX is defining conventions for certificate name forms and extension usage for "qualified certificates," certificates designed for use in (legally binding) non-repudiation contexts. A profile of the X.509 attribute certificate for Internet use is in development. Work is also under way on protocols for time stamping and data certification. These protocols are designed primarily to support non-repudiation, making use of certificates and CRLs, and are so tightly bound to PKI use that they warrant coverage under this working group.