Implementation Geographies Subworkgroup – Exchanging Trust Bundles

January 31, 2013

Attendees: Brian Ahier, Tom Davidson, Greg Meyer, Eric Heflin, Alice Nyberg, Dragon Bashyam, Wube, Barb Drechsel, Bruce Schreiber, Rim Cothren, Hugh Gilenson, Don Jorgenson, Mindy Montgomery, Umesh Madan, John Hall, Mark McClellan, Ragan Sappington, Scott Rea, Bob Lutolf, Laura, Ryan Panchadsaram, Vaibhav Bhandari, Anshuman Mohapatra

Highlights
·  Umesh: Gateway setup
o  The idea behind anchor resolution is you can set up an anchor resolution pipeline.
o  .net uses an implementation of plugin resolvers. Java does something similar.
o  To support bundle resolves we wrote two plugin resolvers.
o  Multi Source – uses a bundle resolver.
o  Given that bundles don’t change often you would probably want to set the cache for 2 hours4.
o  All you need to do is deploy the health.direct.resolver DLL
o  Greg has similar code.
·  Umesh: Bundle set up
o  We have not upgraded the UI to support bundles yet.
o  You can add a blue button bundle.
o  Umesh followed the same model he did for anchors.
o  To turn off the bundles you can mark them as disabled or remove them.
§  To remove a bundle it will take a bundle ID.
o  All trust anchors and certs are stored in a central database.
§  Under cert management Umesh added a new folder named bundles.
·  Scott: It would appear that whoever is doing the configuring is making the decisions about what the bundle represents.
o  Umesh: That is correct.
o  If you are going to validate a signature it is not the code that Direct uses.
·  The multi-source plugin resolver looks at two sources and combines them.
o  The gateway accepts messages from anchors signed by anybody in the system.
o  All new resolvers come in as plugins.
o  A new release of the Direct.net gateway will be on Monday 2/4.
·  Greg: A full release will be pushed out after the connect-a-thon.
o  More will be automated.
o  Direct Project is trying to hide the backend details as much as possible.
o  The configuration UI was published to the public last week.
§  The new release included many new edits.
o  Direct Project did not want to add multiple domains.
o  An optional piece that can be added to the new trust bundle is a signing certificate.
o  Everything goes on in the background when you add a bundle so you cannot see the backend.
·  Scott: Management of trust bundles v. management of anchors once you’ve pulled down your trust bundle – is there any thought about being able to pull a bundle down and then selectively adding domains?
o  Greg: Every anchor within a trust bundle meets the same criteria – so all anchors in a trust bundle should be able to be trusted. The short answer is no.
o  A HISP could always create their own trust bundle. Any consumer can do what they want with it.
·  Greg: Domain
o  Trust bundles can be added at the time of creating the domain.
o  You could assign one trust bundle to different domains.
o  To remove the bundle from the system, the code is smart enough to know to remove the trust bundle association from every domain.
o  There are two different stores: One for anchors (like before) and one for trust bundles.
§  It is the exact same way .net is doing it.
o  To validate you need to be in one circle of trust. An anchor can be any cert that matches.
o  If you upgrade the server you don’t necessarily have to upgrade the client. It’s all backwards compatible.
o  You can have anchors in different bundles.
·  Don: If it couldn’t validate against the lower LOA trust bundle wouldn’t it continue and find the trust anchor anyway?
o  The algorithm will keep looking until it finds one that matches.
o  It would still require you to hit a minimum level.
·  Dragon: Many modifications were made to the Implementation Guide.
o  Enhanced sections to add metadata.
o  Made some changes on the signing requirements.
Action Items
·  Review the Implementation Guide and post comments on the Wiki.
o  Greg will make the next round of edits, then Umesh, then John Hall, then Scott Rea.