ekmi-sksml message


Subject: Re: [ekmi-sksml] CMS for key packaging


I forgot to answer your question:  yes, there is some technology
I ran into that apparently converts ASN to XML:  XML Encoding Rules
(XER).  More information is at http://asf.gils.net/xer/.

Arshad Noor
StrongAuth, Inc.

Arshad Noor wrote:
> Sandi,
> 
> Thank you for the DRAFT RFC on "Symmetric Key Package Content
> Type".  I have a few comments:
> 
> 1) OASIS, to the best of my knowledge, rightly or wrongly, has
>    focused only on XML-based standards.  This could be a
>    reflection of the fact that the IETF already focuses on ASN.1
>    based protocols and OASIS may have felt that they didn't need
>    to duplicate that area of focus.
> 
>    However, I think they focus purely on XML-based standards only
>    because the market has stated its preference.  While current
>    applications based on ASN work perfectly well, there has been
>    no denying that ASN is one of the hardest syntaxes to learn or
>    understand; with all my years of learning, I still struggle
>    with it; a significantly better person than I - David Hook -
>    one of the prime committers of the BouncyCastle JCE provider
>    compared it to "Klingon". :-)
> 
> 2) That said, I would like to understand why an XML-based protocol
>    may not meet the US DoD's needs.  If there are libraries that
>    take care of the parsing, assembly, communication, etc. and
>    hand the application precisely the data/object they need to work
>    with (just like the ASN libraries do) why will not XML work?
> 
>    For instance, an application that needs to decrypt data, only
>    needs to get the symmetric key as an opaque blob, and then call
>    the appropriate functions in the library to perform the crypto
>    operation.  If the underlying libraries take care of calling a
>    network service, authenticating to it, getting the symmetric key,
>    verifying it, extracting it and then making it available to the
>    higher-order application, why does it matter that the structure
>    in which the message is transported is ASN vs. XML?  The
>    higher-order application doesn't deal with either data-structure
>    in either case.
> 
>    But, there is no doubt that every new tool, technology and
>    innovation in computing has an XML interface today, because
>    people find it easier to work with, understand and learn.
> 
> So, it would be really helpful to this TC/SC to understand what
> benefits the Abstract Syntax Notation provides that cannot be
> addressed by an XML-based data-structure.
> 
> Thanks.
> 
> Arshad Noor
> StrongAuth, Inc.
> 
> 
> Roddy, Sue A. wrote:
> 
>> While this is written in ASN.1, the concepts of CMS as a wrapper and the
>> notion of content type for key packages (symmetric) is one we'd like to
>> propose for consideration.
>>
>> File attached - as noted, the intent is to take to the IETF in July which
>> does mean some loss of author control,  but I'd still like some feedback.
>>
>> Also - we are actively looking for tools that convert ASN.1 standards
>> into XML - any ideas?
>>
>> regards
>> Sandi
>>
>>  <<draft-ietf-turner-symmetrickeyformat-ekmiv1.doc>>
>> Sandi Roddy
>> I5 Technical Leader for IA Infrastructure Transformation
>> National Security Agency
>>

