Attendees

Phil Benchoff
Susan Brooker-Gross
Al Cooper
Mary Dunker
Frank Galligan
Kevin Rooney
Greg Kroll
Randy Marchany
Ismael Alaoui

Agenda

1. Continue viewing the eProv presentation, answering questions where possible.
2. Discuss invitations to users to participate in focus group meetings.
3. Background Questions 6, 12, 17, 20, 24 are pending or unanswered.

Meeting Notes

1. Continue viewing the eProv presentation, answering questions where possible.
   1. key pair = key set
   2. will have one key pair but may have multiple certificates associated with that key pair
   3. Renewal: we may want to consider a time limit beyond which you cannot renew an expired certificate unless:
      • renewal is done using face-to-face registration
      • if remote renewal is used the user will need a new key pair
   4. Recover: e.g., forgot password; private key was lost because erased from computer
   5. Revoke: e.g., compromised key pair; user revoking their own key pair
   6. Out of Band: we need policy & procedures to handle
      • please see discussion on Key Retrieval
   7. Departmental key pairs & certificates are out of scope form this project. This project is for personal digital certificates.
   8. Someone gets hit by a bus scenario & discussion
      1. This is handled out of band.
      2. Basically the process would be (1) recover keys, (2) decrypt, (3) issue new key pair to someone if necessary.
      3. Ish explained that this would be a manual process and would probably play out like this. Recover the key pair. The new user submits a CSR via another process to generate a new certificate in their name with their personal information. The result is a new certificate using the old key pair.
      4. We need to get Internal Audit opinion on this.
      5. From a departmental standpoint they want to keep their business processes going without major disruption.
   9. How will someone get the recipients public key in order to send them an encrypted e-mail or file?
      • Can/Should we publish the public key to the Enterprise Directory? Registry? We could publish the keys to the Enterprise Directory as a future enhancement, as that functionality adds complexity to the project, and it is possible to encrypt e-mail by asking the recipient to send their certificate (containing public key) to the sender.
   10. InCommon Silver Profile
       1. See Mary's comment on the home page.
       2. Also see Mary's comment below on this page.
       3. Very desirable.
       4. If we go for this it will influence application design and implementation.
       5. We may not be able to use EJBCA for the end-user interface because of the requirements for InCommon Silver.
   11. We need to begin discussing requirements for face-to-face registration.
       1. Need usage scenarios.
   12. Other stakeholders that need to be brought in soon are (1) Internal Audit, and (2) Jerry Palmer from Records Retention.