To: authppg@list.stanford.edu cc: khanna@jessica.Stanford.EDU, devh@um.cc.umich.edu, GJackson@mit.edu, hdl2@cornell.edu Subject: Auth PPG, Next Step Date: Fri, 30 Sep 1994 17:51:39 -0700 From: Raman Khanna Folks, You did a great job and now get ready to pay the price! As I mentioned in my message earlier, everybody liked the recommendations made by AuthPPG group. There is a good chance that CREN will fund the next step. Here is my understanding of what we are supposed to finish by end of October. Doug, Dave, and Greg will pitch in if they think that I missed something. Also I am assuming that Doug, Dave, and Greg will work out arrangements at their institutions so that Ted Ts'o, Ted Hanss, Tom Dimock, and John Vollbrecht can devote some of their time to this effort. Since Jeff did such a great job the last time, he has volunteered(!!) to take input from the group and compile the plan. A. 1. Prepare an informal business plan to provide a well-coded and well documented PGP key signing server package (kerberos V4) 2. Provide an estimate of staff/funds needed to help other institutions install the key signing server. 3. Funding required for a proof of concept/demonstration project among 4-5 institutions to demonstrate the ability to exchange keys. 4. A brief description of expertise and staffing needed to support this service at an institution. Assumption: this phase is to be completed by May 30, 1995 B. 1. Recommend a short list of e-mail packages that could/should be modified to work with PGP. This should include the preferable option of convincing the vendor to do the work. An estimate of work required to modify a public-domain e-mail package. (I am already trying a convince Z-code to add PGP support to Z-mail) 2. Any other killer applications that can take advantage of PGP. C. I am assuming that this can happen later. 1. Prepare an informal business plan to provide a well-documented DCE Kerberos - Kerberos V4 & V5 ticket interchange package. 2. Provide an estimate of staff/funds needed to help other institutions install this server. My understanding is that MIT is the hub of activity for this project. I will be very open to the idea of funding these activities at MIT. Ted Hanss might have some ideas about the role CITI can play. The plan is to forward this proposal/business plan to Common Solutions Group by E-mail and start a brief online dialogue to answer any questions/concerns. One concern presented to me was regarding IETF's stance on PGP. CSG as a whole did not think that it was a big concern. Please feel free to challenge the next steps described here. I am assuming that Doug, Dave, and Greg will partipate in this dialogue. best raman