
kmip message



Subject: discussion of attested Get in today's TC call


Hi –

 

For the discussion of attested Get, I’d like to begin with the proposal that Kelley submitted in July (also attached).  The issue that the proposal is addressing is:

 

In some scenarios the KMIP server may want assurance of the integrity of the client’s system before returning the requested Managed Object (e.g. TCG integrity reports). Additionally, the server may want a guarantee of the freshness of the integrity measurement.

 

In summary, the doc proposes the following 4-pass model with 2 new operations, one of which has 2 new attributes:

 

1.     The client sends a Get Challenge request to the server (with optional unique id and attribute name).

2.     The server returns a Get Challenge response to the client with required Challenge managed object (random nonce).

3.     The client sends a Get with Measurement request for a managed object (with optional Measurement Credential byte string or Assertion byte string to the server)

4.     The server returns a Get Challenge response to the client with the Managed Object

 

Kelley and I have discussed at least several alternatives that the TC could consider:

 

-          Instead of new Get Challenge operation, use the Get Random being developed for the crypto proposal

-          Instead of the Measurement Credential / Assertion byte strings, use existing Secret Data object.

-          Instead of new Get with Measurement request, include optional Attestation attribute on Get (with either Secret Data or Measurement Credential  / Assertion)

 

Looking forward to discussing this topic today!

 

Regards,

Bob

 

 

From: Burgin, Kelley W. [mailto:kwburgi@tycho.ncsc.mil]
Sent: Thursday, October 04, 2012 1:30 PM
To: Griffin, Robert
Subject: RE: [kmip] Groups - Event "KMIP TC weekly concall" modified

 

Hi Bob,

 

I was looking at using the RNG Retrieve request from Tim’s Crypto Profile proposal. We would need to have a way of tying the request for random to the subsequent Get request, like an additional field in the RNG Retrieve request where the client could identify which key he will be issuing a Get request for later.

 

Kelley
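
Added example, not part of the original thread or the attached proposal: a minimal Python model of the four-pass exchange summarized in the first message, with the challenge bound to the unique id of the object to be fetched, which is the tie Kelley's reply asks for. The class and function names, the 30-second nonce lifetime and the HMAC standing in for a real Measurement Credential (such as a TCG integrity report) are assumptions made for illustration.

```python
import hashlib, hmac, secrets

NONCE_TTL = 30  # seconds a challenge stays valid (assumed policy)

class AttestedGetServer:
    def __init__(self, objects, attest_key, expected):
        self.objects = objects        # unique id -> managed object
        self.attest_key = attest_key  # HMAC key standing in for an attestation trust anchor
        self.expected = expected      # known-good integrity measurement
        self.pending = {}             # nonce -> (unique id, expiry time)

    def get_challenge(self, unique_id, now):
        """Passes 1-2: issue a random nonce bound to the object to be fetched."""
        nonce = secrets.token_bytes(32)
        self.pending[nonce] = (unique_id, now + NONCE_TTL)
        return nonce

    def get_with_measurement(self, unique_id, nonce, measurement, tag, now):
        """Passes 3-4: release the object only for a fresh, authentic measurement."""
        bound_id, expiry = self.pending.pop(nonce, (None, 0))  # each nonce is single use
        if bound_id != unique_id or now > expiry:
            raise PermissionError("nonce unknown, replayed, expired or bound to another object")
        want = hmac.new(self.attest_key, nonce + measurement, hashlib.sha256).digest()
        if not (hmac.compare_digest(want, tag) and hmac.compare_digest(measurement, self.expected)):
            raise PermissionError("measurement not authentic or not the accepted value")
        return self.objects[unique_id]

def credential(attest_key, nonce, measurement):  # client side of pass 3
    return hmac.new(attest_key, nonce + measurement, hashlib.sha256).digest()

def attempt(server, *args):
    try:
        return server.get_with_measurement(*args)
    except PermissionError:
        return "denied"

def demo():
    key = b"constructed-attestation-key"  # all sample values here are constructed
    good = hashlib.sha256(b"constructed known-good state").digest()
    srv = AttestedGetServer({"key-1": b"object-1", "key-2": b"object-2"}, key, good)
    n1 = srv.get_challenge("key-1", 0)
    t1 = credential(key, n1, good)
    out = [attempt(srv, "key-1", n1, good, t1, 5),   # fresh nonce: object released
           attempt(srv, "key-1", n1, good, t1, 6)]   # same nonce replayed
    n2 = srv.get_challenge("key-1", 0)
    out.append(attempt(srv, "key-2", n2, good, credential(key, n2, good), 5))   # other object
    n3 = srv.get_challenge("key-1", 0)
    out.append(attempt(srv, "key-1", n3, good, credential(key, n3, good), 31))  # expired
    return out
```

The `now` argument is passed in explicitly so the freshness check can be exercised deterministically; a deployment would read a monotonic clock instead.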

 

From: Griffin, Robert [mailto:robert.griffin@rsa.com]
Sent: Wednesday, October 03, 2012 1:13 PM
To: Burgin, Kelley W.
Subject: Re: [kmip] Groups - Event "KMIP TC weekly concall" modified

 

Hi Kelley -

I think we'll have to add at least a new operation to request the nonce. But it'll be good to see what people think!

Regards,


Bob

 

From: Burgin, Kelley W. [mailto:kwburgi@tycho.ncsc.mil]
Sent: Wednesday, October 03, 2012 12:59 PM
To: Griffin, Robert
Subject: RE: [kmip] Groups - Event "KMIP TC weekly concall" modified
 

Hi Bob,

 

I don’t mind at all if you want to discuss the proposal this week – sorry I’ll miss it. Are you thinking to add some new objects and operations to the spec? I’ve been trying to figure out how to do attestation without changing the spec – seems hard.

 

Kelley

 

From: Griffin, Robert [mailto:robert.griffin@rsa.com]
Sent: Wednesday, October 03, 2012 8:03 AM
To: Burgin, Kelley W.
Subject: RE: [kmip] Groups - Event "KMIP TC weekly concall" modified

 

Hi Kelley –

 

I finally got back to the proposal you wrote up in July – it looks great for the initial discussion with the TC. So if it’s ok with you, I’ll go ahead and walk through it with folks tomorrow night, review a couple of alternatives for the objects and operations, and see where to go from there. I can follow up with you afterwards – I’ll send you an email on Friday, and we can decide how to carry it forward.

 

Sound good? Or would you rather push out the discussion a week, until you’re available?

 

Regards,

Bob

 

 

From: Griffin, Robert
Sent: Monday, October 01, 2012 9:01 PM
To: 'kwburgi@tycho.ncsc.mil'
Subject: FW: [kmip] Groups - Event "KMIP TC weekly concall" modified

 

Hi Kelley –

 

I should be able to send you a first write-up tomorrow evening on the attestation on get, for our KMIP call this week – sorry not to have gotten to this over the weekend!

 

Regards,

Bob

 

 

From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Robert Griffin
Sent: Monday, October 01, 2012 8:10 PM
To: kmip@lists.oasis-open.org
Subject: [kmip] Groups - Event "KMIP TC weekly concall" modified

 

Submitter's message
Hi -

I've updated the meeting invite for this week with the agenda items from our spreadsheet.

Any other items for this week?

Regards,

Bob

-- Mr. Robert Griffin

Event Title: KMIP TC weekly concall


Date: Thursday, 04 October 2012, 04:00pm to 05:00pm EDT
Location: concall
Description

Call-in information will be provided to TC members and observers.


This meeting counts towards voter eligibility.


Agenda

KMIP TC weekly concall

1 Opening remarks/roll call
2 Approval of the agenda
3 Approval of previous meeting minutes
4 Old Business
 

  • Discuss initial proposal for key value in key block as optional and new “not here” attribute (johnL / DenisP)
  • Discuss mutability of values, either as general issue or as template-specific (BruceR / TimH)
  • Discuss preliminary new Usage Guide section on how to do attestation for Get, using Register and Get Random (BobG / KelleyB)
  • Confirm discussion items for next week (11-Oct)

 

5 New Business
6 Review Action Items
7 Adjournment

 

 


Owner: Mr. Robert Griffin
Group: OASIS Key Management Interoperability Protocol (KMIP) TC
Sharing: This event is shared with the OASIS Open (General Membership), and General Public groups. Public Event Link

 

Attachment: KMIP_measurement.docx
Description: KMIP_measurement.docx


