Re: [KEYPROV] Latest version of PSKC

["Hannes Tschofenig" <Hannes.Tschofenig at gmx.net>]

Hi Philip, 
 
I only have two comments: 
 
1) New Sub-Sections
 
I would delete the following new sub-sections since they add no new content.
They only replicate the content from later section. Additionally, for most
readers this is not even interesting information. The namespace identifiers
are also pretty boring. 
 
    1.2.  Versions . . . . . . . . . . . . . . . . . . . . . . . . .  4
     1.3.  Namespace Identifiers  . . . . . . . . . . . . . . . . . .  4
       1.3.1.  Defined Identifiers  . . . . . . . . . . . . . . . . .  4
       1.3.2.  Referenced Identifiers . . . . . . . . . . . . . . . .  5
 


2) A few minor things about the figure. 

The symbol "(" is not explained and I believe we should omit it with
(UserId) and (Policy). I assume it means optional but then we have to put
the brackets also to other elements/attributes. 

There is no XML element KeyData; the element is called "Data".  As child
elements one could list Counter and Secret. 

I would omit the <PlainValue> and <EncryptedValue> box since they do not fit
into the way how the diagram is written. 

Alternatively you could leave Data empty and draw a few boxes for Counter,
Secret, etc. 
These boxes would then have PlainValue and EncryptedValue written in the box
to denote the possibility to have these elements as child elements. 


      -----------------
      | KeyContainer  |
      |---------------|
      | EncryptionKey |
      | Signature     |
      | ...           |
      -----------------
              |
              |
             /|\ 1..n
      ----------------        ----------------
      | KeyPackage   |    0..1| DeviceInfo   |
      |--------------|--------|--------------|
      |              |--      | SerialNumber |
      ----------------  |     | Manufacturer |
              |         |     | ....         |
              |         |     ----------------
             /|\ 0..1   |
      ----------------  |     --------------------
      | Key          |  | 0..1| CryptoModuleInfo |
      |--------------|   -----|------------------|
      | Id           |        | Id               |
      | Algorithm    |        |....              |
      | (UserId)     |        --------------------
      | (Policy)     |
      | ....         |
      ----------------
              |
              |
             /|\ 1..n      --------------
      ----------------     | PlainValue |
      | KeyData      |     --------------
      |--------------|          |
      | name         |    either|
      | value        |----------|
      | .....        |   ------------------
      ----------------   | EncryptedValue |
                         ------------------


                                 Figure 1



Ciao
Hannes
 


________________________________

	From: ext Philip Hoyer [mailto:phoyer at actividentity.com] 
	Sent: 27 May, 2009 14:00
	To: Philip Hoyer; Pei, Mingliang; Tschofenig, Hannes (NSN -
FI/Espoo); Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker;
SMachani at DIVERSINET.COM; KEYPROV
	Subject: RE: [KEYPROV] Latest version of PSKC
	
	

	As discussed on the call yesterday please find attached the latest
version including section 6.4 on Padding (specified as PKCS5 for now.

	 

	I also corrected a couple of xml nags so it converts properly now.

	 

	Philip

	 

	________________________________

		From: keyprov-bounces at ietf.org
[mailto:keyprov-bounces at ietf.org] On Behalf Of Philip Hoyer
	Sent: Tuesday, May 26, 2009 2:08 PM
	To: Pei, Mingliang; Tschofenig, Hannes (NSN - FI/Espoo);
Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker; SMachani at DIVERSINET.COM;
KEYPROV
	Subject: Re: [KEYPROV] Latest version of PSKC

	 

	All,

	Please find attached a new updated version.

	 

	*	Changed the CryptoModuleInfo.Id to mandatory in the schema 
	*	Added namespace Identifier section in line with DSKPP 

		*	Added required informational references 

		*	Corrected IANA XML URN registration section (was
still referencing version in URN) 

	 

	I believe this one is ready to be submitted.

	 

	Quick question do we want to re-introduce the terminology section?

	 

	Philip

	 

	________________________________

		From: Pei, Mingliang [mailto:mpei at verisign.com] 
	Sent: Wednesday, May 20, 2009 12:00 AM
	To: Philip Hoyer; Tschofenig, Hannes (NSN - FI/Espoo);
Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker; SMachani at DIVERSINET.COM;
KEYPROV
	Subject: RE: [KEYPROV] Latest version of PSKC

	 

	Hi Philip,

	 

	Thanks for the addition. I am good for the description about the
CryptoModuleInfo. We need to change schema section to reflect Id being
MANDATORY. Currently, it is optional. It is sufficient that the element of
CryptoModuleInfo is optional in a Key type.

	 

	- Ming

		 

		________________________________

				From: Philip Hoyer
[mailto:phoyer at actividentity.com] 
		Sent: Tuesday, May 19, 2009 3:10 AM
		To: Pei, Mingliang; Tschofenig, Hannes (NSN - FI/Espoo);
Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker; SMachani at DIVERSINET.COM;
KEYPROV
		Subject: RE: [KEYPROV] Latest version of PSKC

		Ming,

		Another updated version:

		 

		-          corrected a couple of typos on the MACMethod and
added normative reference to PKCS5

		-          added a new section around CryptoModuleInfo
(section 4.2.2) - please all review the text.

		-          Reworded introduction

		 

		Philip

		 

		________________________________

				From: Pei, Mingliang
[mailto:mpei at verisign.com] 
		Sent: Tuesday, May 19, 2009 4:11 AM
		To: Philip Hoyer; Tschofenig, Hannes (NSN - FI/Espoo);
Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker; SMachani at DIVERSINET.COM;
KEYPROV
		Subject: RE: [KEYPROV] Latest version of PSKC

		 

		Here is a newly updated version with the following changes:

		 

		- MACMethod description in the key protection section
		- PBE example fixed
		- Describe how IV is conveyed
		- Reference section: add reference about W3C derived key and
KW-AES with padding

		- Ming

			 

			________________________________

						From: Philip Hoyer
[mailto:phoyer at actividentity.com] 
			Sent: Friday, May 15, 2009 5:02 AM
			To: Philip Hoyer; Tschofenig, Hannes (NSN -
FI/Espoo); Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker;
SMachani at DIVERSINET.COM; Pei, Mingliang; KEYPROV
			Subject: RE: [KEYPROV] Latest version of PSKC

			Ladies and Gentlemen,

			Another version with some revisions:

			*	Added the MACMethod to the symmetric
encrypted example and generated proper  values programmatically (added
definition of values to the spec) 
			*	Corrected some other typos 
			*	Corrected other incorrect examples
(asymmetric, bulk..) 
			*	Changes the schema to reflect the current
use of AlgorithmParameters instead of Algorithm Attributes 

			 

			TODO:

			Ming to correct passphrase based example.

			 

			Still need to address comments:

			 

			.         Tim Moses: I think foreign XML namespaces
should be declared somewhere (e.g. XMLEnc). Not left in the schema itself
but maybe in the terminology section or separate section

			*	Andrea has the same comment: * S1.0 - Please
refer to DSKPP S1.1, S1.2, and S1.3 for Versioning and XML namespace info.
This same info is covered in PSKC, but much later.  It would be easier for
KEYPROV readers to find the info is organized in the same place across both
docs. 
			*	Do we need to support different padding
algorithms or are we happy to only support PKCS5 padding for not padded
algorithms (e.g. AESCBC-128?) 

			 

			 

			Philip

			 

			________________________________

						From:
keyprov-bounces at ietf.org [mailto:keyprov-bounces at ietf.org] On Behalf Of
Philip Hoyer
			Sent: Wednesday, May 13, 2009 6:53 PM
			To: Tschofenig, Hannes (NSN - FI/Espoo);
Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker; SMachani at DIVERSINET.COM;
Pei, Mingliang; KEYPROV
			Subject: [KEYPROV] Latest version of PSKC

			 

			Ladies and Gentlemen,

			Please find attached the latest schema and PSKC
draft.

			 

			I have addressed most of the editorial comments from
Andrea, Salah and Tim Moses

			 

			Please note that I have not yet changes the
AlgorithmParameters to AlgorithmAttributes, please see my separate email on
this subject.

			 

			TODO:

			.         Ming needs to update the passphrase
example

			.         Ming to add description of MACMethod

			.         Philip to change Symmetric key encrypted
example to reflect MACMethod

			 

			Comments to be addressed:

			.         Tim Moses: I think foreign XML namespaces
should be declared somewhere (e.g. XMLEnc). Not left in the schema itself
but maybe in the terminology section or separate section

			*	Andrea has the same comment: * S1.0 - Please
refer to DSKPP S1.1, S1.2, and S1.3 for Versioning and XML namespace info.
This same info is covered in PSKC, but much later.  It would be easier for
KEYPROV readers to find the info is organized in the same place across both
docs. 
			*	Do we need to support different padding
algorithms or are we happy to only support PKCS5 padding for not padded
algorithms (e.g. AESCBC-128?) 

			 

			Philip

			 

			________________________________

			 

			Philip Hoyer 

			 

			Senior Architect - Office of CTO

			 

			ActivIdentity (UK)

			117 Waterloo Road

			London SE1 8UL

			 

			Telephone: +44 (0) 20 7960 0220

			Fax: +44 (0) 20 7902 1985

			 

			Private and confidential: This message and any
attachments may contain

			privileged / confidential information. If you are
not an intended recipient,

			you must not copy, distribute, discuss or take any
action in reliance on it.

			If you have received this communication in error,
please notify the sender

			and delete this message immediately.