Subject: TPM Key backup/migration and KMIP interop
The TCG infrastructure working group (IWG) defined a backup/migration specification for migrating keys from one TPM platform to another. The current IWG document (from 2004) specifies the use of Web Services Architecture profiles for interoperability. That spec also calls for an XML-based message format to be used for passing the key migration information between platforms via a SOAP interface. However, the spec does allow for the transport of data over other interfaces, including a TLS channel or a proprietary transfer mechanism. Presumably, it would also allow for the use of a KMIP protocol if the messages could be made to work in the KMIP object space.

The IWG is wondering if there is a way to move TPM migration objects using the KMIP protocol. Currently, the list of managed objects and attributes defined in the KMIP spec would probably not be sufficient to represent the data that the TPM migration would require. The TPM migration data could be wedged into the Opaque Object with custom attributes, but that is probably not the optimal solution. Also, the list of client-server operations currently defined might not fully meet the requirements of the TPM migration operation (more investigation needed here, though).

I wanted to bring this to the attention of the group because the IWG would like to be able to use the KMIP protocols in the future and is asking for advice on what would be the best way to move forward. Would they need to write a new usage profile or possibly suggest objects, attributes, and operations for the core spec? Additionally, the IWG would also have to amend their own specs to indicate how to use KMIP.

-Wyllys Ingersoll
TCG IWG Liaison
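An added illustration, not part of the post above nor of any TCG or OASIS specification, of what the "wedge it into an Opaque Object with custom attributes" option looks like on the wire: a minimal KMIP 1.x TTLV encoder and parser for a Register payload carrying a constructed stand-in blob. The `x-` attribute names, the Opaque Data Type extension value and the blob contents are assumptions; the tag and type codes are the KMIP 1.0 values.

```python
import struct

# KMIP 1.x TTLV tag and type codes used below (values per KMIP 1.0, Section 9.1.3).
TAG = {"RequestPayload": 0x420079, "ObjectType": 0x420057, "OpaqueObject": 0x42005B,
       "OpaqueDataType": 0x420059, "OpaqueDataValue": 0x42005A, "TemplateAttribute": 0x420091,
       "Attribute": 0x420008, "AttributeName": 0x42000A, "AttributeValue": 0x42000B}
STRUCTURE, ENUMERATION, TEXT_STRING, BYTE_STRING = 0x01, 0x05, 0x07, 0x08
OBJECT_TYPE_OPAQUE = 0x00000008
# Opaque Data Type has no standard values; 0x8XXXXXXX is the extension range. Assumed value.
OPAQUE_TYPE_TPM_MIGRATION = 0x80000001

def ttlv(tag, typ, value):
    """Encode one item: 3-byte tag, 1-byte type, 4-byte big-endian length, value padded to 8."""
    body = struct.pack(">I", value) if typ == ENUMERATION else (
        value.encode("utf-8") if typ == TEXT_STRING else bytes(value))
    pad = (-len(body)) % 8
    return struct.pack(">I", tag)[1:] + bytes([typ]) + struct.pack(">I", len(body)) + body + b"\0" * pad

def custom_attribute(name, text):
    """Client-defined KMIP attributes must carry an 'x-' name prefix; reject anything else."""
    if not name.startswith("x-"):
        raise ValueError("custom attribute names must start with 'x-'")
    return ttlv(TAG["Attribute"], STRUCTURE, ttlv(TAG["AttributeName"], TEXT_STRING, name)
                + ttlv(TAG["AttributeValue"], TEXT_STRING, text))

def register_opaque_payload(blob, attrs):
    """Build a Register request payload: Object Type, Template-Attribute, then the Opaque Object."""
    template = b"".join(custom_attribute(n, v) for n, v in attrs.items())
    opaque = (ttlv(TAG["OpaqueDataType"], ENUMERATION, OPAQUE_TYPE_TPM_MIGRATION)
              + ttlv(TAG["OpaqueDataValue"], BYTE_STRING, blob))
    return ttlv(TAG["RequestPayload"], STRUCTURE,
                ttlv(TAG["ObjectType"], ENUMERATION, OBJECT_TYPE_OPAQUE)
                + ttlv(TAG["TemplateAttribute"], STRUCTURE, template)
                + ttlv(TAG["OpaqueObject"], STRUCTURE, opaque))

def parse_ttlv(buf):
    """Decode TTLV bytes into (tag, type, value) triples, recursing into Structures."""
    items, pos = [], 0
    while pos < len(buf):
        tag = int.from_bytes(buf[pos:pos + 3], "big")
        typ, length = buf[pos + 3], struct.unpack(">I", buf[pos + 4:pos + 8])[0]
        raw = buf[pos + 8:pos + 8 + length]
        if typ == STRUCTURE: value = parse_ttlv(raw)
        elif typ == ENUMERATION: value = struct.unpack(">I", raw)[0]
        elif typ == TEXT_STRING: value = raw.decode("utf-8")
        else: value = raw
        items.append((tag, typ, value))
        pos += 8 + length + (-length) % 8   # skip the value and its 8-byte alignment padding
    return items

# Constructed sample input: stands in for a TPM migration blob (not a real TPM structure).
SAMPLE_BLOB = bytes(range(37))
SAMPLE_ATTRS = {"x-tpm-migration-scheme": "TCG-IWG-backup", "x-tpm-src-platform": "platform-A"}

def demo():
    """Encode the sample Register payload and decode it back for inspection."""
    return parse_ttlv(register_opaque_payload(SAMPLE_BLOB, SAMPLE_ATTRS))
```

The round trip shows the encoding side is mechanical; what the server cannot do is interpret or enforce anything about the migration (destination binding, authorization) because that meaning lives only in opaque bytes and client-defined attribute names, which is the limitation the post points at.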