[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: SKSML public review - comment - proposal to allow for different key payload containers and alignment with IETF PSKC
Ladies and Gentlemen,

Having been made aware of the SKSML work by Arshad Noor, I wanted to comment on the current specification and make a proposal. I am the author of the PSKC spec (http://www.ietf.org/internet-drafts/draft-ietf-keyprov-portable-symmetric-key-container-06.txt), which is part of the IETF 'keyprov' working group (http://www.ietf.org/html.charters/keyprov-charter.html) that has some overlap with the work done for SKSML.

My main comment on SKSML is that it would be nice to be able to define the type of payload container (where the key resides) that is transported. This has several advantages. One of the main reasons is that there could be alignment of the payload between SKSML and the work that has been done in the IETF keyprov group. In particular, I would suggest you consider the work that has been done on the PSKC spec, which seems to satisfy most of the requirements in SKSML and already has many implementers.

The proposal could be to add one layer of abstraction in the SymKeyResponse element which indicates the type of key container being used:

Example 1 – using SKSML container

<ekmi:SymkeyResponse xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01'
                     xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
  <ekmi:SymkeyContainer type="http://docs.oasis-open.org/ekmi/2008/01">
    <ekmi:SymkeyList>
      <ekmi:Symkey>
        <ekmi:GlobalKeyID>10514-1-235</ekmi:GlobalKeyID>
        <ekmi:KeyUsePolicy>
          <ekmi:KeyUsePolicyID>10514-4</ekmi:KeyUsePolicyID>
          ……

Example 2 – using PSKC container

<ekmi:SymkeyResponse xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01'
                     xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
  <ekmi:SymkeyContainer type="urn:ietf:params:xml:ns:keyprov:pskc:1.0">
    <KeyContainer Version="1.0" xmlns="urn:ietf:params:xml:ns:keyprov:pskc:1.0">
      <Device>
        <DeviceInfo>
          <Manufacturer>aManufacturer</Manufacturer>
          <SerialNo>10514-1-235</SerialNo>
        </DeviceInfo>
        <Key KeyAlgorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
             KeyId="10514-1-235">
          <Issuer>anIssuer</Issuer>
          …….

Looking forward to your feedback, and please do not hesitate to contact me for further clarifications,

Philip

________________________________
Philip Hoyer
Senior Architect - Office of CTO
ActivIdentity
Telephone: +44 (0) 20 7960 0220
Fax: +44 (0) 20 7902 1985

Private and confidential: This message and any attachments may contain privileged / confidential information. If you are not an intended recipient, you must not copy, distribute, discuss or take any action in reliance on it. If you have received this communication in error, please notify the sender and delete this message immediately.
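The following is an added example, not part of the post above and not code from the EKMI TC or the keyprov working group. It shows how a receiver would act on the proposed `type` attribute: look at the declared container type, dispatch to the matching payload parser, and refuse a response whose payload root does not match the type it claims, so that an SKSML consumer cannot be handed a PSKC body (or vice versa) under the wrong label. The namespace URIs, element names and sample values follow the two examples in the e-mail; the function names (`parse_symkey_response`, `accepted`, `ContainerError`) and the two complete sample responses are constructed for this illustration.

```python
"""Added example: dispatching on a typed SymkeyContainer (SKSML vs. PSKC).
Not from the original post; names and sample responses are assumptions."""
import xml.etree.ElementTree as ET

EKMI_NS = "http://docs.oasis-open.org/ekmi/2008/01"
PSKC_NS = "urn:ietf:params:xml:ns:keyprov:pskc:1.0"

# Constructed sample inputs modelled on the e-mail's Example 1 and Example 2.
SKSML_RESPONSE = """<ekmi:SymkeyResponse xmlns:ekmi='%s'>
  <ekmi:SymkeyContainer type='%s'>
    <ekmi:SymkeyList>
      <ekmi:Symkey>
        <ekmi:GlobalKeyID>10514-1-235</ekmi:GlobalKeyID>
        <ekmi:KeyUsePolicy>
          <ekmi:KeyUsePolicyID>10514-4</ekmi:KeyUsePolicyID>
        </ekmi:KeyUsePolicy>
      </ekmi:Symkey>
    </ekmi:SymkeyList>
  </ekmi:SymkeyContainer>
</ekmi:SymkeyResponse>""" % (EKMI_NS, EKMI_NS)

PSKC_RESPONSE = """<ekmi:SymkeyResponse xmlns:ekmi='%s'>
  <ekmi:SymkeyContainer type='%s'>
    <KeyContainer Version="1.0" xmlns="%s">
      <Device>
        <DeviceInfo>
          <Manufacturer>aManufacturer</Manufacturer>
          <SerialNo>10514-1-235</SerialNo>
        </DeviceInfo>
        <Key KeyAlgorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
             KeyId="10514-1-235">
          <Issuer>anIssuer</Issuer>
        </Key>
      </Device>
    </KeyContainer>
  </ekmi:SymkeyContainer>
</ekmi:SymkeyResponse>""" % (EKMI_NS, PSKC_NS, PSKC_NS)


class ContainerError(ValueError):
    """Raised when the response is malformed or its payload contradicts `type`."""


def _q(ns, local):
    """Clark-notation tag {ns}local, as ElementTree reports namespaced tags."""
    return "{%s}%s" % (ns, local)


def _parse_sksml(payload):
    """Native SKSML payload: <ekmi:SymkeyList> holding <ekmi:Symkey> entries."""
    keys = []
    for symkey in payload.iter(_q(EKMI_NS, "Symkey")):
        keys.append({
            "format": "sksml",
            "key_id": symkey.findtext(_q(EKMI_NS, "GlobalKeyID")),
            "policy_id": symkey.findtext(
                _q(EKMI_NS, "KeyUsePolicy") + "/" + _q(EKMI_NS, "KeyUsePolicyID")),
        })
    return keys


def _parse_pskc(payload):
    """PSKC payload: <KeyContainer> holding <Device>/<Key> entries."""
    keys = []
    for key in payload.iter(_q(PSKC_NS, "Key")):
        keys.append({
            "format": "pskc",
            "key_id": key.get("KeyId"),
            "algorithm": key.get("KeyAlgorithm"),
            "issuer": key.findtext(_q(PSKC_NS, "Issuer")),
        })
    return keys


# Registry: declared container type -> (required payload root element, parser).
# The payload root is checked against the declared type so a response cannot
# advertise one format while actually carrying another.
CONTAINER_TYPES = {
    EKMI_NS: (_q(EKMI_NS, "SymkeyList"), _parse_sksml),
    PSKC_NS: (_q(PSKC_NS, "KeyContainer"), _parse_pskc),
}


def parse_symkey_response(xml_text):
    """Return the list of keys carried by a SymkeyResponse, whatever its container type."""
    # xml.etree is not hardened for hostile input; for responses from an
    # untrusted peer parse with defusedxml instead (assumption: deployment choice).
    root = ET.fromstring(xml_text)
    if root.tag != _q(EKMI_NS, "SymkeyResponse"):
        raise ContainerError("not a SymkeyResponse: %s" % root.tag)
    container = root.find(_q(EKMI_NS, "SymkeyContainer"))
    if container is None:
        raise ContainerError("SymkeyContainer missing")
    ctype = container.get("type")
    if ctype not in CONTAINER_TYPES:
        raise ContainerError("unsupported container type %r" % ctype)
    expected_root, parser = CONTAINER_TYPES[ctype]
    children = list(container)
    if len(children) != 1 or children[0].tag != expected_root:
        raise ContainerError("payload does not match declared type %r" % ctype)
    return parser(children[0])


def accepted(xml_text):
    """True if the response parses under the type/payload consistency rule."""
    try:
        parse_symkey_response(xml_text)
        return True
    except (ContainerError, ET.ParseError):
        return False


if __name__ == "__main__":
    print(parse_symkey_response(SKSML_RESPONSE))
    print(parse_symkey_response(PSKC_RESPONSE))
```

The registry keyed on the `type` URI is the one abstraction layer the proposal asks for: adding a third container format is a new entry, not a change to the response schema. The consistency check between the declared type and the payload root is the part a receiver should not skip; without it the attribute is only a hint, and a sender could label a PSKC body as SKSML (or the reverse) to push it through whichever parser is more permissive.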