14:31:47 <flock-ectr112> #startmeeting
14:31:47 <zodbot> Meeting started Sun Aug 11 14:31:47 2013 UTC. The chair is flock-ectr112. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:31:47 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:32:35 <flock-ectr112> #topic Introduction to PKI
14:32:55 <flock-ectr112> Oops, I didn't mean to change the topic
14:33:40 <flock-ectr112> #topic http://youtu.be/OvAdCxvPjmM | Talks in this room cover security, infrastructure, marketing, and other topics | Room schedule: http://flock2013.sched.org/venue/ECTR+112
14:36:04 <flock-ectr112> Ade talking about the "need" for ID..
14:36:57 <flock-ectr112> (Taking an example of a driver's license, and elaborating on the trust aspects)
14:37:55 <flock-ectr112> #info Concept of a digital certificate
14:39:22 <flock-ectr112> A Digital certificate involves: An Issuing Authority, Valid Identity, Identifier, its Purposes, the Authority's Signature
14:40:43 <flock-ectr112> Now the concept of a Public/Private Keys in discussion..
14:41:40 <flock-ectr112> The essential problem Public Key Crypto solves - Key Distribution..
14:42:01 <flock-ectr112> Use case discussion: Secure Web Browsing
14:44:15 <flock-ectr112> Use case 2: Client authentication
14:45:05 <flock-ectr112> Use case 3: Email Encryption
14:49:14 <flock-ectr112> Discussion of OCSP
14:49:23 <flock-ectr112> Online Certificate Status Protocol
14:49:46 <flock-ectr112> Used to /verify/ the validity of a digital certificate.
14:51:09 <flock-ectr112> #info Dogtag Certificate system
14:52:15 <flock-ectr112> A security framework to handle full life cycle of X.509 certificates
14:52:33 <flock-ectr112> (Includes issuance, renewal, revocation, publishing, private key escrow and token management)
14:52:58 <flock-ectr112> Brief discussion about Common Criteria, and how hard it is to attain, and what's usually involved in it.
14:54:12 <flock-ectr112> A bit of run through of Dogtag History, starting from Netscape days..
14:55:11 <flock-ectr112> Features discussion - Ability to create/manage certificates, deploy-ability, scale-ability, Root CAs, Subordinate CAs and plenty more.
14:56:59 <flock-ectr112> More features:
14:57:10 <flock-ectr112> Publishing of certificates (to file, LDAP)
14:57:40 <flock-ectr112> CRLs, OCSP, Encryption, Key escrow and recovery, etc.
14:59:27 <flock-ectr112> Discussion of Dogtag Components
14:59:46 <flock-ectr112> Certificate Manager; OCSP Responder; Data Recovery Manager;
15:00:43 <flock-ectr112> Token Management involves - Token Key Service, Certificate Manager, Enterprise Security Client.
15:02:14 <flock-ectr112> #link Installing Dogtag: https://www.youtube.com/watch?v=C3eEIJAz7IU
15:03:19 <flock-ectr112> Discussion about - Certificate Enrollment with Key Archival
15:04:40 <flock-ectr112> A brief demonstration of Dogtag's End Entities interface
15:04:57 <flock-ectr112> And a walk through of enrolling a user certificate
15:10:59 <flock-ectr112> Discussion of what's upcoming: a new RESTful interface
15:12:37 <flock-ectr112> Discussion of REST Resources on the CA subsystem
15:13:55 <flock-ectr112> A note on writing client code for REST Interface
15:14:16 <flock-ectr112> Discussion of REST Resources on the DRM (Data Recovery Manager) subsystem
15:15:37 <flock-ectr112> Future Directions:
15:15:48 <flock-ectr112> Dogtag 10.1 scheduled for Fedora20
15:16:16 <flock-ectr112> FreeIPA integration, Rewrite TPS as a Java component residing in a tomcat instance
15:16:35 <flock-ectr112> Resources: #dogtag-pki on Freenode
15:17:02 <flock-ectr112> And mailing lists (can be found on the slides)
15:18:34 <flock-ectr112> #endmeeting