kmip message



Subject: Overview of Profiles included in the Basic Asymmetric Key Profiles document


Here is a summary of the use cases covered by the five profiles included
in the Basic Asymmetric Key Profiles document posted to the OASIS site
today:

1.  Basic Asymmetric Key Store (section 1.1):  Key pairs are generated
external to the server and are sent to the server for storage (perhaps
for key escrow reasons or for ease of distribution to other entities).
This profile only requires support for the Register operation.  No
support for certificates is imposed on the server.

2.  Basic Asymmetric Key and Certificate Store (section 1.2):  Key pairs
and certificates are generated external to the server and are sent to
the server for storage (perhaps for key escrow reasons or for ease of
distribution to other entities).  This profile only requires support for
the Register operation.  [May need to make vaulting of dig sig/non-rep
only keys optional to avoid controversy over whether this type of key
should be held away from the owner of the keys.]

3.  Basic Asymmetric Key Foundry and Server (Section 1.3):  Key
pairs (but not certificates) are generated by the server.  This profile
only requires support for the Create Key Pair and Rekey (which is
modified to support asymmetric keys) operations.

4.  Basic Certificate Server (Section 1.4):  Key pairs are generated
external to the server (aka locally at the client) but the client would
contact the server to request a certificate to be generated -- either
directly by the KM or the KM proxies the request to a CA.  This profile
would support Certify and Re-certify.  [Optionally this profile could
support register for the key pairs.]

5.  Basic Asymmetric Key Foundry and Certificate Server (Section 1.5):
Key pairs are generated by the server and the server would also handle
getting the corresponding certificates generated (either using its own
capabilities or by contacting a CA).  This profile would include the
Create Key Pair, Rekey (which is modified to support asymmetric keys),
Certify and Re-certify operations.

Judy

Judith Furlong | Principal Product Manager | EMC Product Security Office
| RSA -The Security Division of EMC | t: 508 249 3698 |  f: 508 249 6107
| e: Furlong_Judith@emc.com 


