New mailing list for discussion of KEYPROV symmetric key provisioning proposal

["Hallam-Baker, Phillip" <pbaker at verisign.com>]

This message is being sent to the IETF mailing list in accordance with recent requests to notify IETF members of proposals to form working groups etc in this forum.

 

 

The OATH consortium and RSA recently submitted proposals relating to the provisioning of symmetric keys.

 

While the immediate focus of these proposals is OTP tokens any technology developed is likely to have widespread application within the standards community. In particular we note that the IETF now requires proposals involving the use of cryptographic material to provide a means of managing and provisioning the keying material.

 

To this end we have set up a mailing list to discuss the proposed formation of an IETF WG in response to the security ADs request that we establish it prior to consideration of our request for a BOF.

 

The strawman charter has been discussed at some length within OATH already, possibly more than is desirable for a pre-pre-standards activity.

 

 

The proposed name is KEYPROV

 

The mailing list is ietf-keyprov@safehaus.org

 

The name ietf-keyprov has been chosen to impress upon the members the fact that the mailing list is for the purpose of discussions that are intended to form an IETF working group that will operate under NOTE WELL and result in a spec consistent with the IPR requirements set out in the draft charter.

 

 

The draft charter is:

 

Provisioning of Symmetric Keys (KEYPROV)

 

Background

One Time Password (OTP) tokens provide a convenient and secure means of user authentication. Combined with a PIN an OTP token provides a robust two factor authentication solution.

Recent developments in Internet crime, in particular credential theft (phishing) makes the widespread use of and thus development of open standards for OTP tokens and other symmetric key cryptographic systems highly desirable.

This requires a standards based key provisioning infrastructure analogous to the mechanisms provided in public key infrastructures. In particular the ability to provision symmetric keys and associated attributes dynamically to already issued devices such as cell phones and USB drives is highly desirable. The working group will develop the necessary protocols and data formats required to support provisioning and management of symmetric key authentication tokens, both proprietary and standards based.

Intellectual Property

It is the intention of the working group to create an open standard unencumbered by proprietary intellectual property claims. Essential claims required to implement the specification should be available for license according to Reasonable, Non-Discriminatory and Royalty Free terms (RAND-Z).

Scope and Deliverables

The scope of the working group shall be to define protocols and data formats necessary for provisioning of symmetric cryptographic keys and associated attributes.

The working group will produce the following deliverables:

• Portable Symmetric Key Container
• Dynamic Symmetric Key Provisioning Protocol

Milestones

·        2006 July                     Charter WG

·        2006 November           WG last call on Portable Symmetric Key Container

·        2006 December           WG last call on Dynamic Symmetric Key Provisioning Protocol

·        2007 January                IETF Last call on PROPOSED status

·        2007 April                    Complete Interoperability testing

·        2007 July                     WG last call on promotion to DRAFT

·        2007 September           IETF last call on DRAFT status

·        2007 December           WG closes.

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf