Client Information Structure

["Dunn, Chris" <Chris.Dunn@safenet-inc.com>]

I realize this is partly related to client registration, but I’m hoping to get some basic client identifying information transmitted to the Key Manager.  The base information would be useful includes:

            Manufacturer Name

            Model – model of the product running the client

            Label – user entered description of the specific client

            Serial Number – further identification

            Hardware, firmware and software version of the client’s components

            Effective security level: (1, 2, 3 or 4modeled after FIPS 140)

            FIPS validated status

 

Having a message or protocol structure that carries this information would simplify the otherwise out-of-band client registration process.  It would also allow the server to make some policy decisions.  For example, a FIPS 140 Level 3 module will require keys delivered in wrapped format. 

 

As an analog to PKCS #11’s C_GetTokenInfo, I believe this will be very useful to Key Managers that are handling a wide range of clients.

 

To save communication overhead, I assume each client would be responsible for informing its Key Server each time one of these items changes value.

 

I can put together a detailed proposal, but first I thought I’d get this proposal on the table and see what others are thinking.

 

Chris Dunn

 

The information contained in this electronic mail transmission 
may be privileged and confidential, and therefore, protected 
from disclosure. If you have received this communication in 
error, please notify us immediately by replying to this 
message and deleting it from your computer without copying 
or disclosing it.