RE: [oasis-charter-discuss] EKMI

[John Messing <jmessing@law-on-line.com>]

There were no accusations, so there is nothing to retract. I reiterate
my request that not to be mistaken for bullying, the tone be modulated
by all.

Thank you.

> -------- Original Message --------
> Subject: RE: [oasis-charter-discuss] EKMI
> From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
> Date: Sun, November 19, 2006 7:08 am
> To: "John Messing" <jmessing@law-on-line.com>
> Cc: <oasis-charter-discuss@lists.oasis-open.org>,
> <ietf-keyprov@safehaus.org>, "June Leung" <June.Leung@FundServ.com>,
> "Terwilliger,Ann" <aterwil@visa.com>, "Davi Ottenheimer"
> <davi@poetry.org>, <ken@adler.net>, "Arshad Noor"
> <arshad.noor@strongauth.com>
> 
> It was suggested that some people might be misled by the use of certain language. "Some might be misled into thinking that 3DES/AES keys are being provisioned by the Provisioning System for general use by business applications, "
> 
> I pointed out that standards are not tutorials. So the fact that people who are unfamiliar with the standard terminology of the field might misinterpret the charter is not relevant. 
> 
> 
> I suggest that you modulate your own tone and retract your accusations immediately.
> 
> 
> > -----Original Message-----
> > From: John Messing [mailto:jmessing@law-on-line.com] 
> > Sent: Sunday, November 19, 2006 8:43 AM
> > To: Hallam-Baker, Phillip
> > Cc: oasis-charter-discuss@lists.oasis-open.org; 
> > ietf-keyprov@safehaus.org; June Leung; Terwilliger,Ann; Davi 
> > Ottenheimer; ken@adler.net; Arshad Noor
> > Subject: RE: [oasis-charter-discuss] EKMI
> > 
> > All:
> > 
> > I personally dislike bullies, whether street thugs or the 
> > intellectually effete. Please modulate your tone and comments 
> > accordingly.
> > 
> > Thank you.
> > 
> > 
> > > -------- Original Message --------
> > > Subject: RE: [oasis-charter-discuss] EKMI
> > > From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
> > > Date: Sat, November 18, 2006 8:03 pm
> > > To: "Arshad Noor" <arshad.noor@strongauth.com>
> > > Cc: <oasis-charter-discuss@lists.oasis-open.org>,
> > > <ietf-keyprov@safehaus.org>, "June Leung" 
> > <June.Leung@FundServ.com>, 
> > > "Terwilliger, Ann" <aterwil@visa.com>, "John Messing"
> > > <jmessing@law-on-line.com>, "Davi Ottenheimer" <davi@poetry.org>, 
> > > <ken@adler.net>
> > > 
> > > > From: Arshad Noor [mailto:arshad.noor@strongauth.com]
> > > 
> > > > The confusion between the WG and TC charters arises 
> > because of the 
> > > > industry's (sometimes misguided) notion for referring to 
> > the "shared 
> > > > secrets" of authentication credentials as "symmetric 
> > keys" - which 
> > > > is similar to the term used by cryptographers when referring to 
> > > > encryption/decryption keys used with symmetric ciphers.
> > > 
> > > The use of the term symmetric key to refer to a MAC key is 
> > the accepted term in the field.
> > > 
> > > There are several proposed MAC modes for AES and there are 
> > several composite encryption/authentication modes for block ciphers.
> > > 
> > > 
> > > > In addition, the use of such algorithms (3DES, AES) and
> > > > symmetric- encryption keys by the KEYPROV protocols to 
> > protect the 
> > > > "shared credential secret" during provisioning, adds to the 
> > > > confusion.
> > > > Some might be misled into thinking that 3DES/AES keys are being 
> > > > provisioned by the Provisioning System for general use by 
> > business 
> > > > applications, as opposed to the use of those symmetric encryption 
> > > > keys by the Provisioning System and the Credential Container for 
> > > > securely transporting the credential-secret between the two.
> > > 
> > > Such misperceptions are not a concern. It is not our job to 
> > give people tutorials in network protocol design.
> > 
> > 
> >