Re: [KEYPROV] New proposal of PSKC schema based on discussions at IETF and terminology alignment



Philip Hoyer wrote:

> Key Type: this is still split as currently used in PSKC
> Determines how a Key works: for example, the allowed lengths
> of the Key Value, -> currently determined by PSKC:Key(algorithm)
> the cryptographic operations that can be performed
> (e.g. OTP computation or challenge-response) -> PSKC.Key.Policy.Usage

At least my understanding was that "Key Type" would be a single 
value (URI), and the things currently under Usage (ChallengeFormat,
Encoding, CheckDigit, ...) would all be key attributes. So I'd 
propose just renaming the KeyAlgorithm attribute (in Key) to 
KeyType (we did debate whether this should be called "Key Algorithm",
"Key Type", "Key Class" or something else, and settled on "Key Type").

Splitting the Key Attributes to two places is OK, but for consistency,
they probably should be named AlgorithmAttributes (instead of
AlgorithmParameters -- I think we did discuss whether these should be 
called "Key Attributes" or "Key Parameters" or something else),
and "PolicyAttributes".

But otherwise this looks pretty good!

Best regards,
Pasi