
[KEYPROV] KEYPROV vs. KeyGen/Xenroll/generateCRMFrequest



Dear all,

Although only being an occasional lurker on this list, may I comment
on the tentative specifications anyway?
 
The three (PKI) key provisioning mechanisms mentioned in the subject
line are quite different from each other but have one thing in common
and that is that they are primarily used in conjunction with browser-
based processes.

Note that although browsers indeed use HTTP, "HTTP-bindings" are not
equivalent to "browser-bindings" because the latter require links
to the browser platform which may consist of JavaScript objects,
dedicated MIME-types, or specific HTML tags.

Among benefits of using browser-based key provisioning processes
I would include:

- Elimination of user/session authentication elements in the protocol
  itself by reusing existing web technology

- Efficient provisioning processes where invocation URLs can be sent
  through e-mail and SMS and then clicked on by the user

- High flexibility regarding the orchestration of the provisioning
  process
 

KEYPROV seems to depart from this fairly established paradigm.
 
Is there a rationale for taking this direction, apart from the
obvious hurdle of getting browser vendors interested?

Anders Rundgren

_______________________________________________
KEYPROV mailing list
KEYPROV at ietf.org
https://www1.ietf.org/mailman/listinfo/keyprov