RE: [kmip] Split Key proposal

["Lockhart, Robert" <Robert.Lockhart@thalesesec.com>]

While we are discussing it, the Join Key has real world use cases for payments networks where key entry devices hang on a network for direct entry into a encryption device.  This would allow us to have the entry device store the splits and the application send an identifier to the encryption hardware/software to retrieve a key from a key manager as needed.

I have some questions on create splits but I need to read the last proposal before I ask.

Bob L.

Robert A. (Bob) Lockhart
Chief Solution Architect - Key Management
THALES e-Security, Inc.
________________________________________
From: kmip@lists.oasis-open.org [kmip@lists.oasis-open.org] On Behalf Of Kelley Burgin [kwburgi@tycho.ncsc.mil]
Sent: Thursday, April 04, 2013 06:42
To: kmip@lists.oasis-open.org
Subject: [kmip] Split Key proposal

Here is the latest on split keys for discussion today: I'd like to get
an idea of whether it's worth proceeding with the following. It seems
to be the most reasonable approach until we have ACLs in KMIP. The
benefit of Create Split Key is pushing the algorithmic complexity of
key splitting to the server. The benefit of Join Split Key is the
ability for a client to combine and use a key without the key being
exposed to the client.

Create Split Key: returns the UUIDs of the splits. Client side
distribution of splits. No ACLs. Links can be discussed.

Join Split Keys: takes as input a list of UUIDs corresponding to
splits and returns a new UUID for the key created by combining the
splits. This is a new operation to be considered with or separate from
Create Split Key.

Kelley

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php