Subject: Client Information Structure
I realize this is partly related to client registration, but I’m hoping to get some basic client identifying information transmitted to the Key Manager. The base information that would be useful includes:

* Manufacturer Name
* Model – model of the product running the client
* Label – user-entered description of the specific client
* Serial Number – further identification
* Hardware, firmware and software version of the client’s components
* Effective security level: (1, 2, 3 or 4, modeled after FIPS 140)
* FIPS validated status

Having a message or protocol structure that carries this information would simplify the otherwise out-of-band client registration process. It would also allow the server to make some policy decisions. For example, a FIPS 140 Level 3 module will require keys delivered in wrapped format.

As an analog to PKCS #11’s C_GetTokenInfo, I believe this will be very useful to Key Managers that are handling a wide range of clients.

To save communication overhead, I assume each client would be responsible for informing its Key Server each time one of these items changes value.

I can put together a detailed proposal, but first I thought
I’d get this proposal on the table and see what others are thinking.

Chris Dunn
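
An added illustration, not part of the message above or of any specification: a minimal Python model of the proposed client information record, the server-side wrapped-key policy decision, and the "report only what changed" update flow. All field and function names are assumptions, and the sample client is constructed.

```python
from dataclasses import dataclass, asdict, replace
from typing import Optional


@dataclass(frozen=True)
class ClientInfo:
    # One field per item in the message's list; the names are assumptions.
    manufacturer: str
    model: str
    label: str
    serial_number: str
    hardware_version: str
    firmware_version: str
    software_version: str
    security_level: int   # 1-4, modeled after FIPS 140
    fips_validated: bool

    def __post_init__(self):
        if self.security_level not in (1, 2, 3, 4):
            raise ValueError("security_level must be 1, 2, 3 or 4")


def requires_wrapped_keys(info: ClientInfo) -> bool:
    """Server policy from the message: a Level 3 module needs wrapped keys.
    Extending the rule to Level 4 is an assumption made for this example."""
    return info.security_level >= 3


def changed_fields(previous: Optional[ClientInfo], current: ClientInfo) -> dict:
    """Client side: full record on first contact, afterwards only changed items."""
    now = asdict(current)
    if previous is None:
        return now
    before = asdict(previous)
    return {name: value for name, value in now.items() if before[name] != value}


def apply_update(stored: Optional[ClientInfo], update: dict) -> ClientInfo:
    """Server side: merge a report into the stored record. Validation re-runs,
    and an unknown field name raises TypeError instead of being stored."""
    if stored is None:
        return ClientInfo(**update)
    return replace(stored, **update)


# Constructed sample client, not a real product.
SAMPLE = ClientInfo("ExampleCorp", "Drive-X", "rack 4, drive 2", "SN-0001",
                    "1.0", "2.3", "5.1", 3, True)
```

Because the policy is evaluated on the merged record, a client that later reports a lower security level changes the server's delivery decision on its next key request.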