

Subject: Re: Approval of document for submission to IEEE 1619.3 WG


Thank you, Matt.

You are absolutely correct about the discrepancy.  My
confusion between ASCII-encoded decimals and binary
caused the error.  My apologies.

The GKID, as specified in SKSML, is an ASCII-encoded decimal,
with a maximum length of 62-bytes*:

   20-bytes for DID (max value: 18446744073709551615)
   20-bytes for SID (max value: 18446744073709551615)
   20-bytes for KID (max value: 18446744073709551615)
   2 hyphens

The URI, as defined in the IEEE 1619.3 WG document, is 68-bytes
after it includes the "ek://" prefix and the trailing "/".

I do need to point out that SKSML only specifies GKID as a
string with a maximum length of 62-bytes in the DID-SID-KID
format.  Since the 1619.3 WG is planning on working with
multiple KMs and has a need to distinguish between different
KM formats, we are assuming that the use of the IEEE URI
format ("ek://DID-SID-KID/") is anticipated to be supported
only by IEEE-compliant applications.  Please correct me if
this assumption is incorrect.

I will update our submission document and send out the new
link. Thanks for the clarification.

Arshad Noor
StrongAuth, Inc.

* The current DRAFT specification of SKSML does not include
the Domain ID (DID).  I am in the process of updating it, and
will be uploading it to the OASIS repository within the next
2-3 weeks.  I will notify you when it is uploaded.


Matt Ball wrote:
> Hi Group,
> 
> I would like to thank Arshad Noor and the rest of the EKMI group for 
> helping provide an EKMI namespace proposal for the P1619.3 group.  You 
> can find the proposal at this link:
> 
> http://www.oasis-open.org/committees/download.php/25671/P1619.3%20Name%20Space%20Subgroup%20Proposal%202007-08-24-Modified%20by%20AN-2007-10-11.doc
> 
> According to the proposal, an EKMI key identifier consists of the 
> concatenation of three parts:
> 
>    1. Domain Identifier (DID): An 8-byte Private Enterprise Number (PEN)
>       assigned by IANA
>    2. Server Identifier (SID): An 8-byte locally-assigned value that
>       identifies a particular key manager within the scope of the DID
>    3. Key Identifier (KID): An 8-byte locally-assigned value that
>       identifies a particular key within the scope of the key manager
>       and DID.
> 
> The concatenation of all three of these fields, separated by hyphens (0x2D 
> ASCII) forms the EKMI Global Key Identifier (GKID), for a total of 27 
> bytes (according to the proposal).
> 
> Examples of an EKMI GKID:
> 
>     * ek://0-0-0/
>     * ek://10514-22-344342232/
>     * ek://18446744073709551615-18446744073709551615-18446744073709551615/
> 
> Commentary:  There's a minor discrepancy in this draft, where it's 
> unclear whether the GKID is represented in binary or ASCII-encoded 
> decimal.  Based on the examples, I'm assuming that the representation is 
> decimal, and that the actual size of the GKID is 20 characters, for a 
> range of 0 to 2^64-1 (8 binary bytes).  With this minor change, the 
> maximum size of the EKMI GKID becomes:
> 
> 5 bytes for prefix ('ek://')
> 3 * 20 bytes for each of DID, SID, and KID
> 2 hyphens
> 1 trailing slash
> 
> total = 68 bytes
> 
> 
> After we get this minor clarification, I was hoping Bob Lockhart could 
> incorporate this proposal into the latest NameSpace document.  I can 
> help as well, if needed.
> 
> We can discuss this proposal (among others) at the Jan 14th face-to-face 
> meeting in Santa Ana.
> 
> Thanks!
> -Matt
> 
> On Dec 16, 2007 7:46 PM, Arshad Noor <arshad.noor@strongauth.com> wrote:
> 
>     The ballot to approve the submission of EKMI TC's input into
>     the IEEE 1619.3 WG's work on their protocol, succeeded with
>     5 of 8 TC voting members voting "Yes".  Ballot details are at:
> 
>     http://www.oasis-open.org/apps/org/workgroup/ekmi/ballot.php?id=1399
> 
>     This document (at the following URL) is now being sent to
>     the Chair of the IEEE WG:
> 
>     http://www.oasis-open.org/committees/download.php/25671/P1619.3%20Name%20Space%20Subgroup%20Proposal%202007-08-24-Modified%20by%20AN-2007-10-11.doc
> 
>     Matt, please find enclosed the EKMI TC's input into your WG
>     efforts.  My apologies for the latency, but as Chair of your
>     own WG, I'm sure you understand that process takes precedence
>     over expedience in such matters.
> 
>     If you have any questions, please don't hesitate to contact me.
> 
>     Regards,
> 
>     Arshad Noor
>     StrongAuth, Inc.
> 
> 
> 
> 
> -- 
> Thanks!
> Matt Ball
> IEEE SISWG Chair
> 303-717-2717
> http://www.linkedin.com/in/matthewvball
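
A strict parser for the two forms discussed in this thread, the 62-byte DID-SID-KID string and the 68-byte "ek://DID-SID-KID/" URI, added here as an example; it is not part of the original messages, SKSML, or the IEEE 1619.3 documents. The function names and the rejection of leading zeros are assumptions made for the example.

```python
import re

MAX_U64 = 2**64 - 1   # 18446744073709551615, the per-field maximum in the message
GKID_MAX_LEN = 62     # 3 * 20 digits + 2 hyphens
URI_MAX_LEN = 68      # "ek://" + GKID + "/"

# ASCII digits only: [0-9] rather than \d, which also matches non-ASCII digits.
# Assumption (not stated in the thread): no leading zeros, so a key has one spelling.
_FIELD = r"(0|[1-9][0-9]{0,19})"
_GKID_RE = re.compile(rf"{_FIELD}-{_FIELD}-{_FIELD}")


def parse_gkid(gkid: str) -> tuple[int, int, int]:
    """Return (DID, SID, KID) from a DID-SID-KID string or raise ValueError."""
    if len(gkid) > GKID_MAX_LEN:
        raise ValueError("GKID longer than 62 bytes")
    # fullmatch (unlike match with '$') also rejects a trailing newline.
    m = _GKID_RE.fullmatch(gkid)
    if m is None:
        raise ValueError("GKID is not three ASCII decimals joined by hyphens")
    did, sid, kid = (int(g) for g in m.groups())
    # A 20-digit string can still exceed 2^64-1, so a length check is not enough.
    if max(did, sid, kid) > MAX_U64:
        raise ValueError("field exceeds 18446744073709551615")
    return did, sid, kid


def parse_ek_uri(uri: str) -> tuple[int, int, int]:
    """Parse the IEEE URI form 'ek://DID-SID-KID/'."""
    if len(uri) > URI_MAX_LEN:
        raise ValueError("URI longer than 68 bytes")
    if not (uri.startswith("ek://") and uri.endswith("/")):
        raise ValueError("URI must start with 'ek://' and end with '/'")
    return parse_gkid(uri[len("ek://"):-1])


def to_ek_uri(did: int, sid: int, kid: int) -> str:
    """Format three integers as the URI form, refusing out-of-range values."""
    for value in (did, sid, kid):
        if not 0 <= value <= MAX_U64:
            raise ValueError("field out of range 0..2^64-1")
    return f"ek://{did}-{sid}-{kid}/"
```
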

