
ekmi message



Subject: Symmetric Key Response - Phil Hoyer, IETF KeyProv Suggestion


Hi all,
   we had agreed to incorporate Phil Hoyer's suggestion for the 
Symmetric Key Response payload to have extensions to allow non-ekmi 
based systems to send responses back.

The original proposal is here: 
http://wiki.oasis-open.org/ekmi/CommentsReceivedForSKSMLReview

This is how the incorporation will be:

Regular SKSML Response Payload:

==================
<ekmi:SymkeyResponse xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01'
     xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ekmi:Symkey>
<ekmi:SymkeyRequestID>10514-1-7476</ekmi:SymkeyRequestID>
<ekmi:GlobalKeyID>10514-1-235</ekmi:GlobalKeyID>
<ekmi:KeyUsePolicy>
<ekmi:KeyUsePolicyID>10514-4</ekmi:KeyUsePolicyID>
<ekmi:PolicyName>DES-EDE KeyUsePolicy</ekmi:PolicyName>
<ekmi:KeyClass>HR-Class</ekmi:KeyClass>
<ekmi:KeyAlgorithm> http://www.w3.org/2001/04/xmlenc#tripledes-cbc
</ekmi:KeyAlgorithm>
<ekmi:KeySize>192</ekmi:KeySize>
<ekmi:Status>Active</ekmi:Status>
<ekmi:Permissions>
                 ....
</ekmi:Permissions>
</ekmi:KeyUsePolicy>
<ekmi:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<xenc:CipherData>
<xenc:CipherValue>
                 ....
</xenc:CipherValue>
</xenc:CipherData>
</ekmi:Symkey>
</ekmi:SymkeyResponse>

====================


An IETF KeyProv response embedded in the sym key response would look as 
follows:
====================
<ekmi:SymkeyResponse xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01'
     xmlns:xenc='http://www.w3.org/2001/04/xmlenc#' 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<KeyContainer Version="1.0" xmlns="urn:ietf:params:xml:ns:keyprov:pskc:1.0">
<Device>
<DeviceInfo>
<Manufacturer>aManufacturer</Manufacturer>
<SerialNo>10514-1-235</SerialNo>
</DeviceInfo>
<Key KeyAlgorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
KeyId="10514-1-235">
<Issuer>anIssuer</Issuer>
</Key>
</Device>
</KeyContainer>
</ekmi:SymkeyResponse>
========================

I think parsers are smart enough to figure out the payload and there is 
no need to add an additional indirection to
identify the type of payload contained inside the ekmi:SymkeyResponse.

Regards,
Anil
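
The dispatch the message describes, telling the two payloads apart by the namespace-qualified name of the child element rather than by an extra type indicator, could look like this. It is an added example, not code from the original message or the EKMI TC; the function name classify_response and the trimmed sample payloads are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

EKMI_NS = "http://docs.oasis-open.org/ekmi/2008/01"
PSKC_NS = "urn:ietf:params:xml:ns:keyprov:pskc:1.0"

# Constructed samples, trimmed from the two payload shapes in the message.
SKSML_SAMPLE = f"""<ekmi:SymkeyResponse xmlns:ekmi='{EKMI_NS}'>
  <ekmi:Symkey>
    <ekmi:SymkeyRequestID>10514-1-7476</ekmi:SymkeyRequestID>
    <ekmi:GlobalKeyID>10514-1-235</ekmi:GlobalKeyID>
  </ekmi:Symkey>
</ekmi:SymkeyResponse>"""

PSKC_SAMPLE = f"""<ekmi:SymkeyResponse xmlns:ekmi='{EKMI_NS}'>
  <KeyContainer Version="1.0" xmlns="{PSKC_NS}">
    <Device><Key KeyId="10514-1-235"><Issuer>anIssuer</Issuer></Key></Device>
  </KeyContainer>
</ekmi:SymkeyResponse>"""


def classify_response(xml_text):
    """Return (payload_type, key_ids); raise ValueError on anything unexpected.

    Malformed XML still raises xml.etree.ElementTree.ParseError.
    """
    # Neither payload needs a DTD, so refuse one instead of parsing it.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTDs are not accepted in key responses")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{EKMI_NS}}}SymkeyResponse":
        raise ValueError(f"unexpected root element {root.tag}")
    children = list(root)
    if not children:
        raise ValueError("empty SymkeyResponse")
    # Match on the full {namespace}localname, never on the local name alone:
    # an un-namespaced <KeyContainer> or <Symkey> must not be trusted.
    kinds = {child.tag for child in children}
    if kinds == {f"{{{EKMI_NS}}}Symkey"}:
        ids = [c.findtext(f"{{{EKMI_NS}}}GlobalKeyID") for c in children]
        return "sksml", ids
    if kinds == {f"{{{PSKC_NS}}}KeyContainer"}:
        ids = [k.get("KeyId")
               for c in children for k in c.iter(f"{{{PSKC_NS}}}Key")]
        return "pskc", ids
    # Unknown extension, or EKMI and KeyProv children mixed in one response.
    raise ValueError(f"unknown or mixed payload: {sorted(kinds)}")
```

Failing closed on unknown or mixed children is what keeps the missing type indicator from becoming a confusion point between the two key formats.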

