
kmip-comment message



Subject: Re: [kmip-comment] KMIP vs EKMI


Robert,

Thanks for responding.

I've read the KMIP standard, and in general it makes sense.  But I'm still not clear where EKMI and SKSML fit in.  If, for example, KMIP provides "... an interoperable protocol for standard communication between key management servers, and clients and other actors which can utilize these keys. Secure key management for TPMs (Trusted Platform Modules) and Storage Devices will be addressed. The scope of the keys addressed is enterprise-wide, including a wide range of actors: that is, machine, software, or human participants exercising the protocol within the framework", then what additional value do EKMI and SKSML bring to the table?  If I were designing an enterprise key management tool that supported KMIP, would I also support EKMI and SKSML?  Are there players that communicate using EKMI/SKSML and don't support KMIP?

Thanks,
Dean

On Thu, Jan 19, 2012 at 10:26 AM, <robert.griffin@rsa.com> wrote:

Hi Dean –

 

As I think you’ll see in the attached charters for the EKMI and KMIP technical committees (available on our public pages), we in KMIP see our work as complementary to EKMI:

 

- EKMI focuses on an XML-based protocol for exchange of symmetric keys and key policy. SKSML V1.0 (http://docs.oasis-open.org/ekmi/sksml/v1.0/SKSML-1.0-Specification.html) does a great job in defining this protocol.

 

- KMIP focuses on defining a protocol using tag-type-length-value syntax that can be implemented at a lower level, supporting a broad range of cryptographic objects. Other protocols, such as EKMI, can be implemented on top of KMIP if that is useful for the particular environment in which a cryptographic client or key management server is operating. The KMIP V1.0 Specification (http://docs.oasis-open.org/kmip/spec/v1.0/cs01/kmip-spec-1.0-cs-01.pdf) describes the current version of the protocol; we are very close to beginning a public review of KMIP V1.1 and would very much welcome your review of and comments during that public review.

 

If we or the EKMI folks can be of further help, don’t hesitate to contact us!

 

Regards,

Bob Griffin

Co-chair KMIP TC

 

 

From: Dean Macinskas [mailto:sdrain9@gmail.com]
Sent: Thursday, January 19, 2012 2:33 PM
To: kmip-comment@lists.oasis-open.org
Subject: [kmip-comment] KMIP vs EKMI

 

Can someone provide some insight as to the differences between EKMI and KMIP, what their respective target application environments are and why one would choose one over the other?  They appear to use completely different communications protocols.  Are they seen as competing or complementary?  Is there a document or FAQ that discusses this?

 

Thanks,

Dean

 



