Subject: Symmetric Key Response - Phil Hoyer, IETF KeyProv Suggestion
Hi all,

We had agreed to incorporate Phil Hoyer's suggestion for the Symmetric Key Response payload to have extensions to allow non-ekmi based systems to send responses back. The original proposal is here:

http://wiki.oasis-open.org/ekmi/CommentsReceivedForSKSMLReview

This is how the incorporation will be:

Regular SKSML Response Payload:
==================
<ekmi:SymkeyResponse
    xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01'
    xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ekmi:Symkey>
    <ekmi:SymkeyRequestID>10514-1-7476</ekmi:SymkeyRequestID>
    <ekmi:GlobalKeyID>10514-1-235</ekmi:GlobalKeyID>
    <ekmi:KeyUsePolicy>
      <ekmi:KeyUsePolicyID>10514-4</ekmi:KeyUsePolicyID>
      <ekmi:PolicyName>DES-EDE KeyUsePolicy</ekmi:PolicyName>
      <ekmi:KeyClass>HR-Class</ekmi:KeyClass>
      <ekmi:KeyAlgorithm>
        http://www.w3.org/2001/04/xmlenc#tripledes-cbc
      </ekmi:KeyAlgorithm>
      <ekmi:KeySize>192</ekmi:KeySize>
      <ekmi:Status>Active</ekmi:Status>
      <ekmi:Permissions>
        ....
      </ekmi:Permissions>
    </ekmi:KeyUsePolicy>
    <ekmi:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
    <xenc:CipherData>
      <xenc:CipherValue>
        ....
      </xenc:CipherValue>
    </xenc:CipherData>
  </ekmi:Symkey>
</ekmi:SymkeyResponse>
====================

An IETF KeyProv response embedded in the sym key response would look as follows:

====================
<ekmi:SymkeyResponse
    xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01'
    xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <KeyContainer Version="1.0" xmlns="urn:ietf:params:xml:ns:keyprov:pskc:1.0">
    <Device>
      <DeviceInfo>
        <Manufacturer>aManufacturer</Manufacturer>
        <SerialNo>10514-1-235</SerialNo>
      </DeviceInfo>
      <Key KeyAlgorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
           KeyId="10514-1-235">
        <Issuer>anIssuer</Issuer>
      </Key>
    </Device>
  </KeyContainer>
</ekmi:SymkeyResponse>
========================

I think parsers are smart enough to figure out the payload and there is no need to add an additional indirection to identify the type of payload contained inside the ekmi:SymkeyResponse.

Regards,
Anil