Re: [ekmi-comment] SKSML public review - comment - proposal to allowfor different key payload containers and alignment with IETF PSKC

[Tomas Gustavsson <tomas@primekey.se>]

On all days except friday it's OK with me.

Regards,
Tomas


Pei, Mingliang skrev:
> I am in PST time zone (San Francisco area). Would 5-6pm CET (7-8am PST)
> work in one the preferred days? Thanks,
> 
> - Ming
> 
>> -----Original Message-----
>> From: Tomas Gustavsson [mailto:tomas@primekey.se] 
>> Sent: Monday, February 09, 2009 5:56 AM
>> To: Philip Hoyer
>> Cc: Arshad Noor; Pei, Mingliang; Hannes Tschofenig; 
>> andrea.doherty@rsa.com; ekmi-comment@lists.oasis-open.org; 
>> ekmi; keyprov@ietf.org; Hallam-Baker, Phillip
>> Subject: Re: [ekmi-comment] SKSML public review - comment - 
>> proposal to allow for different key payload containers and 
>> alignment with IETF PSKC
>>
>>
>> Wednesday 11/2, Thursday 12/2 or friday 13/2, between 2pm and 5pm CET.
>> Next week monday or wednesday or good.
>>
>> Regards,
>> Tomas
>>
>>
>> Philip Hoyer wrote:
>>> Tomas,
>>> Could you provide us with a couple of dates that work for you so we 
>>> can try to proceed with this.
>>>
>>> Thanks,
>>> Philip
>>>
>>> -----Original Message-----
>>> From: Tomas Gustavsson [mailto:tomas@primekey.se]
>>> Sent: Monday, January 26, 2009 1:53 PM
>>> To: Philip Hoyer
>>> Cc: Arshad Noor; Pei, Mingliang; Hannes Tschofenig; 
>>> andrea.doherty@rsa.com; ekmi-comment@lists.oasis-open.org; ekmi; 
>>> keyprov@ietf.org; Hallam-Baker, Phillip
>>> Subject: Re: [ekmi-comment] SKSML public review - comment - 
>> proposal 
>>> to allow for different key payload containers and alignment 
>> with IETF 
>>> PSKC
>>>
>>>
>>> Hi,
>>>
>>> The week commencing 2/2 is impossible for my unfortunately 
>> as I'm in 
>>> Oslo for a conference. Any week after that will be fine.
>>>
>>> Regards,
>>> Tomas
>>>
>>>
>>> Philip Hoyer skrev:
>>>> Arshad and Tomas, Andrea, Ming and Hannes, Could we agree 
>> on a date 
>>>> for presenting you DSKPP and PSKC. Which
>>> dates
>>>> for week commencing 2/2 will work for all?
>>>>
>>>> Philip
>>>>
>>>> -----Original Message-----
>>>> From: Arshad Noor [mailto:arshad.noor@strongauth.com]
>>>> Sent: Tuesday, January 13, 2009 5:32 PM
>>>> To: Philip Hoyer
>>>> Cc: ekmi-comment@lists.oasis-open.org; ekmi; 
>> keyprov@ietf.org; Hannes 
>>>> Tschofenig; Hallam-Baker, Phillip; Pei, Mingliang; 
>>>> andrea.doherty@rsa.com; Tomas Gustavsson
>>>> Subject: Re: [ekmi-comment] SKSML public review - comment 
>> - proposal
>>> to
>>>> allow for different key payload containers and alignment with IETF
>>> PSKC
>>>> Hi Philip,
>>>>
>>>> Tomas Gustaavson of Primekey in Sweden, has agreed to lead 
>> the effort 
>>>> from the EKMI TC to understand the KEYPROV work, and the ways in 
>>>> which KEYPROV and EKMI might overlap and work together.  
>> He (and any 
>>>> other TC members who volunteer to work with him on this) 
>> will make a 
>>>> recommendation to the TC on what we should do.
>>>>
>>>> I will participate in the KEYPROV presentation & discussions 
>>>> (schedule permitting), but I will let Tomas drive the schedule and 
>>>> respond with dates convenient to him.  Except for the 
>> morning of the 
>>>> 23rd, I am open both weeks.
>>>>
>>>> Thanks.
>>>>
>>>> Arshad
>>>>
>>>> Philip Hoyer wrote:
>>>>> Arshad,
>>>>> We would be available to discuss and webex present Tuesday-Friday
>>> week
>>>>> commencing 19/1 and then the Monday 26th or Friday 30th.
>>>>>
>>>>> Would any such dates suite you and if not could you come back with
>>>> some
>>>>> candidate dates in February for us to consider.
>>>>>
>>>>> Thanks,
>>>>> Philip
>>>>>
>>>>> -----Original Message-----
>>>>> From: Arshad Noor [mailto:arshad.noor@strongauth.com]
>>>>> Sent: Saturday, January 03, 2009 12:25 AM
>>>>> To: Philip Hoyer
>>>>> Cc: ekmi-comment@lists.oasis-open.org; ekmi
>>>>> Subject: Re: [ekmi-comment] SKSML public review - comment 
>> - proposal
>>>> to
>>>>> allow for different key payload containers and alignment with IETF
>>>> PSKC
>>>>> Philip,
>>>>>
>>>>> Thank you very much for your comments on the DRAFT 
>> specification of 
>>>>> SKSML, and the potential to include the DSKPP 
>> key-container within 
>>>>> SKSML.
>>>>>
>>>>> The Technical Committee has agreed to begin discussions with you 
>>>>> (and/or other members of KEYPROV) to understand the 
>> implications of 
>>>>> this change.
>>>>>
>>>>> A small group of TC members would like to start understanding the 
>>>>> details of DSKPP, how it fits in with SKSML and its 
>> impact on SKSML.  
>>>>> Please let us know how you would like to begin - I imagine a 
>>>>> web-presentation from you on the current DSKPP architecture and 
>>>>> mechanics would be the appropriate first step.
>>>>>
>>>>> The TC has also decided that since there were no objections from 
>>>>> anyone in the Public Review to the current SKSML DRAFT 
>>>>> specification, it will move forward with a ballot to 
>> designate the 
>>>>> DRAFT as a Committee Specification.  This is not an OASIS 
>> standard.  
>>>>> That may be many months away - which gives us the time to 
>> understand 
>>>>> the DSKPP technology, and the opportunity to include the 
>>>>> key-container (if the TC votes for it) before SKSML 
>> becomes an OASIS standard.
>>>>> Let me know some convenient dates and times when you 
>> might be able 
>>>>> to provide that web-presentation.  We should have a 
>> sub-group named 
>>>>> by the 20th of January (our monthly TC meeting), so any 
>> time after 
>>>>> that would be appropriate.
>>>>>
>>>>> Regards and a happy new year.
>>>>>
>>>>> Arshad Noor
>>>>> StrongAuth, Inc.
>>>>>
>>>>> Philip Hoyer wrote:
>>>>>> Ladies and Gentlemen,
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Having been made aware of the SKSML work by Arshad Noor 
>> I wanted to 
>>>>>> comment on the current specification and make a proposal.
>>>>>>
>>>>>>  
>>>>>>
>>>>>> I am the author of the PSKC spec
>>>>>>
>> (http://www.ietf.org/internet-drafts/draft-ietf-keyprov-portable-symme
>>> tr
>>>>> ic-key-container-06.txt)
>>>>>> which is part of the IETF 'keyprov' working group
>>>>>> (http://www.ietf.org/html.charters/keyprov-charter.html) that has
>>>> some
>>>>>> overlap with the work done for SKSML
>>>>>>
>>>>>>  
>>>>>>
>>>>>> My main comment around SKSML is that it would be nice to 
>> be able to 
>>>>>> define the type of payload container (where the key 
>> resides) that 
>>>>>> is
>>>>>> transported.
>>>>>>
>>>>>>  
>>>>>>
>>>>>> This has several advantages:
>>>>>>
>>>>>>    1. It decouples the protocol to obtain  the keys from the 
>>>>>> payload
>>>>> to
>>>>>>       transfer the keys
>>>>>>    2. it allows for several different containers to be 
>> transported
>>>>> with
>>>>>>       the same protocol
>>>>>>    3. It allows extensions to the payload to have a separate
>>>> lifecycle
>>>>>>       to the protocol
>>>>>>    4. It will allow profiling of payloads for key 
>> related meta-data
>>>>> not
>>>>>>       yet considered by the spec
>>>>>>
>>>>>>  
>>>>>>
>>>>>> One of the main reasons is that there could be alignment of the
>>>>> payload
>>>>>> between SKSML and the work that has been done in IETF 
>> keyprov group.
>>>>>>  
>>>>>>
>>>>>> Especially I would suggest you to consider the work that has been
>>>> done
>>>>>> on the PSKC spec which seems to satisfy most of the 
>> requirements in 
>>>>>> SKSML and already has many implementers.
>>>>>>
>>>>>>  
>>>>>>
>>>>>> The proposal could be to add one layer of abstraction in the 
>>>>>> SymKeyResponse element which indicates the type of key container
>>>> being
>>>>> used:
>>>>>>  
>>>>>>
>>>>>> Example 1 - using SKSML container
>>>>>>
>>>>>>  
>>>>>>
>>>>>> <ekmi:SymkeyResponse
>>>>>>  xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01' 
>>>>>>  xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
>>>>>>
>>>>>> <ekmi:SymkeyContainer type="
>>>> http://docs.oasis-open.org/ekmi/2008/01";>
>>>>>> <ekmi:SymkeyList>
>>>>>>
>>>>>> <ekmi:Symkey>
>>>>>>
>>>>>>  <ekmi:GlobalKeyID>*10514-1-235*</ekmi:GlobalKeyID>
>>>>>>
>>>>>> <ekmi:KeyUsePolicy>
>>>>>>
>>>>>> <ekmi:KeyUsePolicyID>10514-4</ekmi:KeyUsePolicyID>
>>>>>>
>>>>>> ......
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Example 2 - using PSKC container
>>>>>>
>>>>>>  
>>>>>>
>>>>>> <ekmi:SymkeyResponse
>>>>>>  xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01' 
>>>>>>  xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
>>>>>>
>>>>>> <ekmi:SymkeyContainer
>>> type="urn:ietf:params:xml:ns:keyprov:pskc:1.0">
>>>>>>                         <KeyContainer Version="1.0" 
>>>>>> xmlns="urn:ietf:params:xml:ns:keyprov:pskc:1.0">
>>>>>>
>>>>>>     <Device>
>>>>>>
>>>>>>         <DeviceInfo>
>>>>>>
>>>>>>             <Manufacturer>aManufacturer</Manufacturer>
>>>>>>
>>>>>>             <SerialNo>*10514-1-235*</SerialNo>
>>>>>>
>>>>>>         </DeviceInfo>
>>>>>>
>>>>>>         <Key
>>>>> KeyAlgorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
>>>>>>         KeyId="*10514-1-235*">
>>>>>>
>>>>>>             <Issuer>anIssuer</Issuer>
>>>>>>
>>>>>>                                     .......
>>>>>>
>>>>>>  
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Looking forward to your feedback and please do not hesitate to
>>>> contact
>>>>>> me for further clarificatons,
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Philip
>>>>>>
>>>>>>  
>>>>>>
>>>>>> ________________________________
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Philip Hoyer
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Senior Architect - Office of CTO
>>>>>>
>>>>>>  
>>>>>>
>>>>>> ActivIdentity (UK)
>>>>>>
>>>>>> 117 Waterloo Road
>>>>>>
>>>>>> London SE1 8UL
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Telephone: +44 (0) 20 7960 0220
>>>>>>
>>>>>> Fax: +44 (0) 20 7902 1985
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Private and confidential: This message and any attachments may
>>>> contain
>>>>>> privileged / confidential information. If you are not an intended
>>>>> recipient,
>>>>>> you must not copy, distribute, discuss or take any action in
>>> reliance
>>>>> on it.
>>>>>> If you have received this communication in error, please 
>> notify the
>>>>> sender
>>>>>> and delete this message immediately.
>>>>>>
>>>>>>  
>>>>>>
>>