
[KEYPROV] My notes from today



Writing these down before the social event... 

Key: A logical component that performs symmetric key operations using
a Key Value, Key Attributes, and other state. 

Key Value: The secret value used by a Key.  (DSKPP and PSKC treat this
as a single key, although there could be some internal structure.)

Key Attributes: Set of information that influence how the Key Value
will be used, and how the Key can be used.

   Example: The length of OTP value (for OTP algorithms that support
   variable length OTPs), date after which the Key should not be used,
   how access to Key functionality should be controlled (e.g. local
   PIN code).

Key Type: Determines how a Key works: for example, the allowed lengths
of the Key Value, the cryptographic operations that can be performed
(e.g. OTP computation or challenge-response) and their inputs,
outputs, and algorithms; and what Key Attributes can be used.

   Example: some examples of one-time password Key Types are HOTP
   [RFC4226], S/Key [RFC1760], and SecurID-AES. In DSKPP and PSKC, 
   Key Types are identified by URIs.

Cryptographic Module: A logical component that contains one or more
Keys. Can be implemented in hardware or software.

Device: The physical device implementing the Cryptographic Module.

   Example: For hardware Cryptographic Modules, a single Device
   usually contains only one Cryptographic Module. For software
   Cryptographic Modules, the Device is the host device (laptop,
   server, mobile phone, etc.), and can contain multiple 
   Cryptographic Modules.

Key Package: A data structure for moving a single Key from one
Cryptographic Module to another. Contains data about the Key (e.g. Key
Value and Attributes), Cryptographic Module (e.g. source or intended
destination Key), Device, Issuer (an organization or party that
manages some Keys -- and possibly Cryptographic Modules and/or Devices
-- or has some kind of authority over them), and User (user, account,
role, or other entity that uses the services provided by Key, or is
otherwise associated with it).
  
Key Container: A data structure or file containing one or more Key
Packages.


These were not discussed, but should be very straightforward:

DSKPP Client: The logical entity implementing the client part of the DSKPP
protocol; communicates with a Cryptographic Module to provision Keys
to the Cryptographic Module. In case of Hardware Cryptographic
Modules, the DSKPP Client might run on a PC to which the Hardware
Cryptographic Module is connected.  In case of Software Cryptographic
Modules, the DSKPP Client could be part of the same software package
as the Cryptographic Module itself, or separate.  (The interface
between the Cryptographic Module and the DSKPP Client is not specified
in this document.)

DSKPP Server: The logical entity that communicates with the DSKPP
client; usually communicates with a server-side Cryptographic Module
so that a corresponding Key (with the same Key Value) exists also on
the server side. The interface between the DSKPP Server and the
server-side Cryptographic Module is beyond the scope of this document.


--------------

<KeyContainer>
<KeyPackage>
...info about Key
...info about Cryptographic Module
...info about Device
...info about Issuer
...info about User
</KeyPackage>
<KeyPackage>
....
</KeyPackage>
<KeyPackage>
....
</KeyPackage>
</KeyContainer>

--------

Best regards,
Pasi