[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [KEYPROV] Latest version of PSKC

Hi Philip,
 
Thanks for the addition. I am good for the description about the CryptoModuleInfo. We need to change schema section to reflect Id being MANDATORY. Currently, it is optional. It is sufficient that the element of CryptoModuleInfo is optional in a Key type.
 
- Ming

From: Philip Hoyer [mailto:phoyer at actividentity.com]
Sent: Tuesday, May 19, 2009 3:10 AM
To: Pei, Mingliang; Tschofenig, Hannes (NSN - FI/Espoo); Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker; SMachani at DIVERSINET.COM; KEYPROV
Subject: RE: [KEYPROV] Latest version of PSKC

Ming,

Another updated version:

 

-          corrected a couple of typos on the MACMethod and added normative reference to PKCS5

-          added a new section around CryptoModuleInfo (section 4.2.2) – please all review the text.

-          Reworded introduction

 

Philip

 

From: Pei, Mingliang [mailto:mpei at verisign.com]
Sent: Tuesday, May 19, 2009 4:11 AM
To: Philip Hoyer; Tschofenig, Hannes (NSN - FI/Espoo); Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker; SMachani at DIVERSINET.COM; KEYPROV
Subject: RE: [KEYPROV] Latest version of PSKC

 

Here is a newly updated version with the following changes:

 

- MACMethod description in the key protection section
- PBE example fixed
- Describe how IV is conveyed
- Reference section: add reference about W3C derived key and KW-AES with padding

- Ming

 

From: Philip Hoyer [mailto:phoyer at actividentity.com]
Sent: Friday, May 15, 2009 5:02 AM
To: Philip Hoyer; Tschofenig, Hannes (NSN - FI/Espoo); Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker; SMachani at DIVERSINET.COM; Pei, Mingliang; KEYPROV
Subject: RE: [KEYPROV] Latest version of PSKC

Ladies and Gentlemen,

Another version with some revisions:

  • Added the MACMethod to the symmetric encrypted example and generated proper  values programmatically (added definition of values to the spec)
  • Corrected some other typos
  • Corrected other incorrect examples (asymmetric, bulk..)
  • Changes the schema to reflect the current use of AlgorithmParameters instead of Algorithm Attributes

 

TODO:

Ming to correct passphrase based example.

 

Still need to address comments:

 

·         Tim Moses: I think foreign XML namespaces should be declared somewhere (e.g. XMLEnc). Not left in the schema itself but maybe in the terminology section or separate section

  • Andrea has the same comment: * S1.0 - Please refer to DSKPP S1.1, S1.2, and S1.3 for Versioning and XML namespace info.  This same info is covered in PSKC, but much later.  It would be easier for KEYPROV readers to find the info is organized in the same place across both docs.
  • Do we need to support different padding algorithms or are we happy to only support PKCS5 padding for not padded algorithms (e.g. AESCBC-128?)

 

 

Philip

 

From: keyprov-bounces at ietf.org [mailto:keyprov-bounces at ietf.org] On Behalf Of Philip Hoyer
Sent: Wednesday, May 13, 2009 6:53 PM
To: Tschofenig, Hannes (NSN - FI/Espoo); Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker; SMachani at DIVERSINET.COM; Pei, Mingliang; KEYPROV
Subject: [KEYPROV] Latest version of PSKC

 

Ladies and Gentlemen,

Please find attached the latest schema and PSKC draft.

 

I have addressed most of the editorial comments from Andrea, Salah and Tim Moses

 

Please note that I have not yet changes the AlgorithmParameters to AlgorithmAttributes, please see my separate email on this subject.

 

TODO:

·         Ming needs to update the passphrase example

·         Ming to add description of MACMethod

·         Philip to change Symmetric key encrypted example to reflect MACMethod

 

Comments to be addressed:

·         Tim Moses: I think foreign XML namespaces should be declared somewhere (e.g. XMLEnc). Not left in the schema itself but maybe in the terminology section or separate section

  • Andrea has the same comment: * S1.0 - Please refer to DSKPP S1.1, S1.2, and S1.3 for Versioning and XML namespace info.  This same info is covered in PSKC, but much later.  It would be easier for KEYPROV readers to find the info is organized in the same place across both docs.
  • Do we need to support different padding algorithms or are we happy to only support PKCS5 padding for not padded algorithms (e.g. AESCBC-128?)

 

Philip

 

________________________________

 

Philip Hoyer

 

Senior Architect - Office of CTO

 

ActivIdentity (UK)

117 Waterloo Road

London SE1 8UL

 

Telephone: +44 (0) 20 7960 0220

Fax: +44 (0) 20 7902 1985

 

Private and confidential: This message and any attachments may contain

privileged / confidential information. If you are not an intended recipient,

you must not copy, distribute, discuss or take any action in reliance on it.

If you have received this communication in error, please notify the sender

and delete this message immediately.