

Subject: RE: [kmip] Split Key proposal


Hi Bob -

Thanks! I had thought to frame the use case in terms of an admin m-of-n requirement, but using a payment example as well is a great idea. I'll put together a first cut at the use cases tomorrow and send it around.

Regards,

Bob

-----Original Message-----
From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Lockhart, Robert
Sent: Thursday, April 04, 2013 10:41 PM
To: Kelley Burgin; kmip@lists.oasis-open.org
Subject: RE: [kmip] Split Key proposal

While we are discussing it, the Join Key has real world use cases for payments networks where key entry devices hang on a network for direct entry into an encryption device.  This would allow us to have the entry device store the splits and the application send an identifier to the encryption hardware/software to retrieve a key from a key manager as needed.

I have some questions on create splits but I need to read the last proposal before I ask.

Bob L.

Robert A. (Bob) Lockhart
Chief Solution Architect - Key Management THALES e-Security, Inc.
________________________________________
From: kmip@lists.oasis-open.org [kmip@lists.oasis-open.org] On Behalf Of Kelley Burgin [kwburgi@tycho.ncsc.mil]
Sent: Thursday, April 04, 2013 06:42
To: kmip@lists.oasis-open.org
Subject: [kmip] Split Key proposal

Here is the latest on split keys for discussion today: I'd like to get an idea of whether it's worth proceeding with the following. It seems to be the most reasonable approach until we have ACLs in KMIP. The benefit of Create Split Key is pushing the algorithmic complexity of key splitting to the server. The benefit of Join Split Key is the ability for a client to combine and use a key without the key being exposed to the client.

Create Split Key: returns the UUIDs of the splits. Client side distribution of splits. No ACLs. Links can be discussed.

Join Split Keys: takes as input a list of UUIDs corresponding to splits and returns a new UUID for the key created by combining the splits. This is a new operation to be considered with or separate from Create Split Key.

Kelley

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
---------------------------------------------------------------------
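
A toy in-memory model of the Create Split Key / Join Split Key operations proposed in the original message, added here as an example; it is not KMIP wire format and not code from the TC or any KMIP product. Assumptions: the server generates the key itself, uses Shamir polynomial sharing over a prime field for the m-of-n threshold mentioned in the reply, and the names `ToyKeyManager`, `create_split_key` and `join_split_key` are hypothetical.

```python
import secrets
import uuid

P = 2**521 - 1  # Mersenne prime used as the share field (assumed choice)

class ToyKeyManager:
    """Hypothetical in-memory stand-in for a key server; not a KMIP implementation."""
    def __init__(self):
        self._objects = {}  # UUID -> server-side object, never sent to clients

    def _register(self, obj):
        uid = str(uuid.uuid4())
        self._objects[uid] = obj
        return uid

    def create_split_key(self, split_count, threshold, key_bytes=32):
        """Generate a key server-side, store only its splits, return their UUIDs."""
        if not (1 <= threshold <= split_count and 1 <= key_bytes <= 64):
            raise ValueError("need 1 <= threshold <= split_count, key_bytes <= 64")
        secret = int.from_bytes(secrets.token_bytes(key_bytes), "big")
        coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
        group = secrets.token_hex(8)  # ties the splits of one key together
        uids = []
        for x in range(1, split_count + 1):
            y = sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
            uids.append(self._register(
                {"type": "split", "group": group, "threshold": threshold,
                 "x": x, "y": y, "key_bytes": key_bytes}))
        return uids  # distributing these to holders is left to the client

    def join_split_key(self, split_uids):
        """Combine splits server-side; the caller only gets the new key's UUID."""
        splits = [self._objects[u] for u in set(split_uids)]  # ignore duplicates
        if not splits or any(s["type"] != "split" for s in splits):
            raise ValueError("expected split objects")
        if len({s["group"] for s in splits}) != 1:
            raise ValueError("splits belong to different keys")
        if len(splits) < splits[0]["threshold"]:
            raise ValueError("not enough splits to reach the threshold")
        secret = 0
        for s in splits:  # Lagrange interpolation of the polynomial at x = 0
            num = den = 1
            for o in splits:
                if o is not s:
                    num = num * -o["x"] % P
                    den = den * (s["x"] - o["x"]) % P
            secret = (secret + s["y"] * num * pow(den, -1, P)) % P
        key = secret.to_bytes(splits[0]["key_bytes"], "big")
        return self._register({"type": "key", "material": key})
```

Because there are no ACLs in this model, any caller that learns enough split UUIDs can join them, which is the limitation the proposal itself notes.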