RE: [ekmi-comment] SKSML public review - comment - proposal to allow for different key payload containers and alignment with IETF PSKC

["Philip Hoyer" <philip.hoyer@actividentity.com>]

All,
Should we aim at Thursday then?

Is anyone else available besides myself and Ming? Hannes? Andrea?

Tomas do you have any specific agenda points in minds or are you happy
with this first call to get an overview of DSKPP and PSKC

Philip

-----Original Message-----
From: Tomas Gustavsson [mailto:tomas@primekey.se] 
Sent: Tuesday, February 10, 2009 7:43 AM
To: Pei, Mingliang
Cc: Philip Hoyer; Arshad Noor; Hannes Tschofenig;
andrea.doherty@rsa.com; ekmi-comment@lists.oasis-open.org; ekmi;
keyprov@ietf.org; Hallam-Baker, Phillip
Subject: Re: [ekmi-comment] SKSML public review - comment - proposal to
allow for different key payload containers and alignment with IETF PSKC


On all days except friday it's OK with me.

Regards,
Tomas


Pei, Mingliang skrev:
> I am in PST time zone (San Francisco area). Would 5-6pm CET (7-8am
PST)
> work in one the preferred days? Thanks,
> 
> - Ming
> 
>> -----Original Message-----
>> From: Tomas Gustavsson [mailto:tomas@primekey.se] 
>> Sent: Monday, February 09, 2009 5:56 AM
>> To: Philip Hoyer
>> Cc: Arshad Noor; Pei, Mingliang; Hannes Tschofenig; 
>> andrea.doherty@rsa.com; ekmi-comment@lists.oasis-open.org; 
>> ekmi; keyprov@ietf.org; Hallam-Baker, Phillip
>> Subject: Re: [ekmi-comment] SKSML public review - comment - 
>> proposal to allow for different key payload containers and 
>> alignment with IETF PSKC
>>
>>
>> Wednesday 11/2, Thursday 12/2 or friday 13/2, between 2pm and 5pm
CET.
>> Next week monday or wednesday or good.
>>
>> Regards,
>> Tomas
>>
>>
>> Philip Hoyer wrote:
>>> Tomas,
>>> Could you provide us with a couple of dates that work for you so we 
>>> can try to proceed with this.
>>>
>>> Thanks,
>>> Philip
>>>
>>> -----Original Message-----
>>> From: Tomas Gustavsson [mailto:tomas@primekey.se]
>>> Sent: Monday, January 26, 2009 1:53 PM
>>> To: Philip Hoyer
>>> Cc: Arshad Noor; Pei, Mingliang; Hannes Tschofenig; 
>>> andrea.doherty@rsa.com; ekmi-comment@lists.oasis-open.org; ekmi; 
>>> keyprov@ietf.org; Hallam-Baker, Phillip
>>> Subject: Re: [ekmi-comment] SKSML public review - comment - 
>> proposal 
>>> to allow for different key payload containers and alignment 
>> with IETF 
>>> PSKC
>>>
>>>
>>> Hi,
>>>
>>> The week commencing 2/2 is impossible for my unfortunately 
>> as I'm in 
>>> Oslo for a conference. Any week after that will be fine.
>>>
>>> Regards,
>>> Tomas
>>>
>>>
>>> Philip Hoyer skrev:
>>>> Arshad and Tomas, Andrea, Ming and Hannes, Could we agree 
>> on a date 
>>>> for presenting you DSKPP and PSKC. Which
>>> dates
>>>> for week commencing 2/2 will work for all?
>>>>
>>>> Philip
>>>>
>>>> -----Original Message-----
>>>> From: Arshad Noor [mailto:arshad.noor@strongauth.com]
>>>> Sent: Tuesday, January 13, 2009 5:32 PM
>>>> To: Philip Hoyer
>>>> Cc: ekmi-comment@lists.oasis-open.org; ekmi; 
>> keyprov@ietf.org; Hannes 
>>>> Tschofenig; Hallam-Baker, Phillip; Pei, Mingliang; 
>>>> andrea.doherty@rsa.com; Tomas Gustavsson
>>>> Subject: Re: [ekmi-comment] SKSML public review - comment 
>> - proposal
>>> to
>>>> allow for different key payload containers and alignment with IETF
>>> PSKC
>>>> Hi Philip,
>>>>
>>>> Tomas Gustaavson of Primekey in Sweden, has agreed to lead 
>> the effort 
>>>> from the EKMI TC to understand the KEYPROV work, and the ways in 
>>>> which KEYPROV and EKMI might overlap and work together.  
>> He (and any 
>>>> other TC members who volunteer to work with him on this) 
>> will make a 
>>>> recommendation to the TC on what we should do.
>>>>
>>>> I will participate in the KEYPROV presentation & discussions 
>>>> (schedule permitting), but I will let Tomas drive the schedule and 
>>>> respond with dates convenient to him.  Except for the 
>> morning of the 
>>>> 23rd, I am open both weeks.
>>>>
>>>> Thanks.
>>>>
>>>> Arshad
>>>>
>>>> Philip Hoyer wrote:
>>>>> Arshad,
>>>>> We would be available to discuss and webex present Tuesday-Friday
>>> week
>>>>> commencing 19/1 and then the Monday 26th or Friday 30th.
>>>>>
>>>>> Would any such dates suite you and if not could you come back with
>>>> some
>>>>> candidate dates in February for us to consider.
>>>>>
>>>>> Thanks,
>>>>> Philip
>>>>>
>>>>> -----Original Message-----
>>>>> From: Arshad Noor [mailto:arshad.noor@strongauth.com]
>>>>> Sent: Saturday, January 03, 2009 12:25 AM
>>>>> To: Philip Hoyer
>>>>> Cc: ekmi-comment@lists.oasis-open.org; ekmi
>>>>> Subject: Re: [ekmi-comment] SKSML public review - comment 
>> - proposal
>>>> to
>>>>> allow for different key payload containers and alignment with IETF
>>>> PSKC
>>>>> Philip,
>>>>>
>>>>> Thank you very much for your comments on the DRAFT 
>> specification of 
>>>>> SKSML, and the potential to include the DSKPP 
>> key-container within 
>>>>> SKSML.
>>>>>
>>>>> The Technical Committee has agreed to begin discussions with you 
>>>>> (and/or other members of KEYPROV) to understand the 
>> implications of 
>>>>> this change.
>>>>>
>>>>> A small group of TC members would like to start understanding the 
>>>>> details of DSKPP, how it fits in with SKSML and its 
>> impact on SKSML.  
>>>>> Please let us know how you would like to begin - I imagine a 
>>>>> web-presentation from you on the current DSKPP architecture and 
>>>>> mechanics would be the appropriate first step.
>>>>>
>>>>> The TC has also decided that since there were no objections from 
>>>>> anyone in the Public Review to the current SKSML DRAFT 
>>>>> specification, it will move forward with a ballot to 
>> designate the 
>>>>> DRAFT as a Committee Specification.  This is not an OASIS 
>> standard.  
>>>>> That may be many months away - which gives us the time to 
>> understand 
>>>>> the DSKPP technology, and the opportunity to include the 
>>>>> key-container (if the TC votes for it) before SKSML 
>> becomes an OASIS standard.
>>>>> Let me know some convenient dates and times when you 
>> might be able 
>>>>> to provide that web-presentation.  We should have a 
>> sub-group named 
>>>>> by the 20th of January (our monthly TC meeting), so any 
>> time after 
>>>>> that would be appropriate.
>>>>>
>>>>> Regards and a happy new year.
>>>>>
>>>>> Arshad Noor
>>>>> StrongAuth, Inc.
>>>>>
>>>>> Philip Hoyer wrote:
>>>>>> Ladies and Gentlemen,
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Having been made aware of the SKSML work by Arshad Noor 
>> I wanted to 
>>>>>> comment on the current specification and make a proposal.
>>>>>>
>>>>>>  
>>>>>>
>>>>>> I am the author of the PSKC spec
>>>>>>
>>
(http://www.ietf.org/internet-drafts/draft-ietf-keyprov-portable-symme
>>> tr
>>>>> ic-key-container-06.txt)
>>>>>> which is part of the IETF 'keyprov' working group
>>>>>> (http://www.ietf.org/html.charters/keyprov-charter.html) that has
>>>> some
>>>>>> overlap with the work done for SKSML
>>>>>>
>>>>>>  
>>>>>>
>>>>>> My main comment around SKSML is that it would be nice to 
>> be able to 
>>>>>> define the type of payload container (where the key 
>> resides) that 
>>>>>> is
>>>>>> transported.
>>>>>>
>>>>>>  
>>>>>>
>>>>>> This has several advantages:
>>>>>>
>>>>>>    1. It decouples the protocol to obtain  the keys from the 
>>>>>> payload
>>>>> to
>>>>>>       transfer the keys
>>>>>>    2. it allows for several different containers to be 
>> transported
>>>>> with
>>>>>>       the same protocol
>>>>>>    3. It allows extensions to the payload to have a separate
>>>> lifecycle
>>>>>>       to the protocol
>>>>>>    4. It will allow profiling of payloads for key 
>> related meta-data
>>>>> not
>>>>>>       yet considered by the spec
>>>>>>
>>>>>>  
>>>>>>
>>>>>> One of the main reasons is that there could be alignment of the
>>>>> payload
>>>>>> between SKSML and the work that has been done in IETF 
>> keyprov group.
>>>>>>  
>>>>>>
>>>>>> Especially I would suggest you to consider the work that has been
>>>> done
>>>>>> on the PSKC spec which seems to satisfy most of the 
>> requirements in 
>>>>>> SKSML and already has many implementers.
>>>>>>
>>>>>>  
>>>>>>
>>>>>> The proposal could be to add one layer of abstraction in the 
>>>>>> SymKeyResponse element which indicates the type of key container
>>>> being
>>>>> used:
>>>>>>  
>>>>>>
>>>>>> Example 1 - using SKSML container
>>>>>>
>>>>>>  
>>>>>>
>>>>>> <ekmi:SymkeyResponse
>>>>>>  xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01' 
>>>>>>  xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
>>>>>>
>>>>>> <ekmi:SymkeyContainer type="
>>>> http://docs.oasis-open.org/ekmi/2008/01";>
>>>>>> <ekmi:SymkeyList>
>>>>>>
>>>>>> <ekmi:Symkey>
>>>>>>
>>>>>>  <ekmi:GlobalKeyID>*10514-1-235*</ekmi:GlobalKeyID>
>>>>>>
>>>>>> <ekmi:KeyUsePolicy>
>>>>>>
>>>>>> <ekmi:KeyUsePolicyID>10514-4</ekmi:KeyUsePolicyID>
>>>>>>
>>>>>> ......
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Example 2 - using PSKC container
>>>>>>
>>>>>>  
>>>>>>
>>>>>> <ekmi:SymkeyResponse
>>>>>>  xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01' 
>>>>>>  xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
>>>>>>
>>>>>> <ekmi:SymkeyContainer
>>> type="urn:ietf:params:xml:ns:keyprov:pskc:1.0">
>>>>>>                         <KeyContainer Version="1.0" 
>>>>>> xmlns="urn:ietf:params:xml:ns:keyprov:pskc:1.0">
>>>>>>
>>>>>>     <Device>
>>>>>>
>>>>>>         <DeviceInfo>
>>>>>>
>>>>>>             <Manufacturer>aManufacturer</Manufacturer>
>>>>>>
>>>>>>             <SerialNo>*10514-1-235*</SerialNo>
>>>>>>
>>>>>>         </DeviceInfo>
>>>>>>
>>>>>>         <Key
>>>>> KeyAlgorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
>>>>>>         KeyId="*10514-1-235*">
>>>>>>
>>>>>>             <Issuer>anIssuer</Issuer>
>>>>>>
>>>>>>                                     .......
>>>>>>
>>>>>>  
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Looking forward to your feedback and please do not hesitate to
>>>> contact
>>>>>> me for further clarificatons,
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Philip
>>>>>>
>>>>>>  
>>>>>>
>>>>>> ________________________________
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Philip Hoyer
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Senior Architect - Office of CTO
>>>>>>
>>>>>>  
>>>>>>
>>>>>> ActivIdentity (UK)
>>>>>>
>>>>>> 117 Waterloo Road
>>>>>>
>>>>>> London SE1 8UL
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Telephone: +44 (0) 20 7960 0220
>>>>>>
>>>>>> Fax: +44 (0) 20 7902 1985
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Private and confidential: This message and any attachments may
>>>> contain
>>>>>> privileged / confidential information. If you are not an intended
>>>>> recipient,
>>>>>> you must not copy, distribute, discuss or take any action in
>>> reliance
>>>>> on it.
>>>>>> If you have received this communication in error, please 
>> notify the
>>>>> sender
>>>>>> and delete this message immediately.
>>>>>>
>>>>>>  
>>>>>>
>>