
kmip message



Subject: Groups - Crypto Use Cases draft 0.2 uploaded


Submitter's message
Hi,

I've just uploaded a new version of the crypto use cases. Thanks to everyone (especially John, Tim and Kiran) who has provided suggestions/comments/questions to help me with them! And my apologies again for taking so long to get this second draft out for review.

There's still a lot of work I'd like to do on them. But in adding 3 use cases I've tried to give some of the broader context that John had rightly asked for in his comments (see his email of 26-Oct-2012), including broadening them beyond cloud. I also revised the existing attestation and encrypt/decrypt use cases to reflect at least some of John's comments and the most recent developments in the attested operations proposal.

But there's still a lot of work I'd like to do:

- Although I called out the KMIP-managed key in the encrypt/decrypt use case, it seemed to me that the detail that John wrote up might fit better into the Usage Guide, as Kelley has done for the detail on attested operations. John, see what you think? If so, I'm happy to take a crack at that.

- The simple key hierarchy use case I've described for wrap/unwrap is probably less compelling than when there are more complex hierarchies and/or multiple keys involved. It seemed good to start with this simple use case; if we need to include something more complex, I can try to write that up (BobL, I'd likely need your help on that).

- I haven't written up the use case for using a trusted server (e.g. FIPS 140-2 level 3 validation) for cryptographic operations when the client is less trusted or less validated. Probably worth including?

- Similarly, we might want to have use cases for using an auditable server for cryptographic operations where the client has more limited capabilities for control or audit.

- I haven't described the use cases for seeding a PRNG from a validated RNG. Probably worth including this? We could then extend this use case in the future to streaming random, persistent random and so on?

There's also a larger issue that Kiran pointed out to me, that the KMIP use cases in general present various parts of the life-cycle of keys without ever pulling them together into a single consistent picture of typical key life-cycles. I don't know if we want to tackle this; if we do, I don't know if the use cases are the right place for that. But I think Kiran is right that without that kind of consistent picture, we're likely to be overlooking gaps that should be addressed...

regards,

Bob

-- Mr. Robert Griffin
Document Name: Crypto Use Cases draft 0.2

Description
Crypto Use Cases draft 0.2

Submitter: Mr. Robert Griffin
Group: OASIS Key Management Interoperability Protocol (KMIP) TC
Folder: Proposals
Date submitted: 2013-03-21 08:47:08


