Hannes,
1) This point addresses explicit comments from Andrea Doherty, Tim Moses etc and also aligns it with DSKPP. I know it is a bit boring but we were asked to explicitly state eferenced namespaces.
2) Agree on most and will post updated diagram.
Philip
----- Original Message -----
From: Hannes Tschofenig <Hannes.Tschofenig at gmx.net>
To: Philip Hoyer; Pei, Mingliang <mpei at verisign.com>; Hannes.Tschofenig at gmx.net <Hannes.Tschofenig at gmx.net>; Phillip Hallam-Baker <hallam at gmail.com>; SMachani at DIVERSINET.COM <SMachani at DIVERSINET.COM>; KEYPROV <keyprov at ietf.org>
Sent: Tue Jun 02 21:03:58 2009
Subject: RE: [KEYPROV] Latest version of PSKC
Hi Philip,
I only have two comments:
1) New Sub-Sections
I would delete the following new sub-sections since they add no new content.
They only replicate the content from later section. Additionally, for most
readers this is not even interesting information. The namespace identifiers
are also pretty boring.
1.2. Versions . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.3. Namespace Identifiers . . . . . . . . . . . . . . . . . . 4
1.3.1. Defined Identifiers . . . . . . . . . . . . . . . . . 4
1.3.2. Referenced Identifiers . . . . . . . . . . . . . . . . 5
2) A few minor things about the figure.
The symbol "(" is not explained and I believe we should omit it with
(UserId) and (Policy). I assume it means optional but then we have to put
the brackets also to other elements/attributes.
There is no XML element KeyData; the element is called "Data". As child
elements one could list Counter and Secret.
I would omit the <PlainValue> and <EncryptedValue> box since they do not fit
into the way how the diagram is written.
Alternatively you could leave Data empty and draw a few boxes for Counter,
Secret, etc.
These boxes would then have PlainValue and EncryptedValue written in the box
to denote the possibility to have these elements as child elements.
-----------------
| KeyContainer |
|---------------|
| EncryptionKey |
| Signature |
| ... |
-----------------
|
|
/|\ 1..n
---------------- ----------------
| KeyPackage | 0..1| DeviceInfo |
|--------------|--------|--------------|
| |-- | SerialNumber |
---------------- | | Manufacturer |
| | | .... |
| | ----------------
/|\ 0..1 |
---------------- | --------------------
| Key | | 0..1| CryptoModuleInfo |
|--------------| -----|------------------|
| Id | | Id |
| Algorithm | |.... |
| (UserId) | --------------------
| (Policy) |
| .... |
----------------
|
|
/|\ 1..n --------------
---------------- | PlainValue |
| KeyData | --------------
|--------------| |
| name | either|
| value |----------|
| ..... | ------------------
---------------- | EncryptedValue |
------------------
Figure 1
Ciao
Hannes
________________________________
From: ext Philip Hoyer [mailto:phoyer at actividentity.com]
Sent: 27 May, 2009 14:00
To: Philip Hoyer; Pei, Mingliang; Tschofenig, Hannes (NSN -
FI/Espoo); Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker;
SMachani at DIVERSINET.COM; KEYPROV
Subject: RE: [KEYPROV] Latest version of PSKC
As discussed on the call yesterday please find attached the latest
version including section 6.4 on Padding (specified as PKCS5 for now.
I also corrected a couple of xml nags so it converts properly now.
Philip
________________________________
From: keyprov-bounces at ietf.org
[mailto:keyprov-bounces at ietf.org] On Behalf Of Philip Hoyer
Sent: Tuesday, May 26, 2009 2:08 PM
To: Pei, Mingliang; Tschofenig, Hannes (NSN - FI/Espoo);
Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker; SMachani at DIVERSINET.COM;
KEYPROV
Subject: Re: [KEYPROV] Latest version of PSKC
All,
Please find attached a new updated version.
* Changed the CryptoModuleInfo.Id to mandatory in the schema
* Added namespace Identifier section in line with DSKPP
* Added required informational references
* Corrected IANA XML URN registration section (was
still referencing version in URN)
I believe this one is ready to be submitted.
Quick question do we want to re-introduce the terminology section?
Philip
________________________________
From: Pei, Mingliang [mailto:mpei at verisign.com]
Sent: Wednesday, May 20, 2009 12:00 AM
To: Philip Hoyer; Tschofenig, Hannes (NSN - FI/Espoo);
Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker; SMachani at DIVERSINET.COM;
KEYPROV
Subject: RE: [KEYPROV] Latest version of PSKC
Hi Philip,
Thanks for the addition. I am good for the description about the
CryptoModuleInfo. We need to change schema section to reflect Id being
MANDATORY. Currently, it is optional. It is sufficient that the element of
CryptoModuleInfo is optional in a Key type.
- Ming
________________________________
From: Philip Hoyer
[mailto:phoyer at actividentity.com]
Sent: Tuesday, May 19, 2009 3:10 AM
To: Pei, Mingliang; Tschofenig, Hannes (NSN - FI/Espoo);
Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker; SMachani at DIVERSINET.COM;
KEYPROV
Subject: RE: [KEYPROV] Latest version of PSKC
Ming,
Another updated version:
- corrected a couple of typos on the MACMethod and
added normative reference to PKCS5
- added a new section around CryptoModuleInfo
(section 4.2.2) - please all review the text.
- Reworded introduction
Philip
________________________________
From: Pei, Mingliang
[mailto:mpei at verisign.com]
Sent: Tuesday, May 19, 2009 4:11 AM
To: Philip Hoyer; Tschofenig, Hannes (NSN - FI/Espoo);
Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker; SMachani at DIVERSINET.COM;
KEYPROV
Subject: RE: [KEYPROV] Latest version of PSKC
Here is a newly updated version with the following changes:
- MACMethod description in the key protection section
- PBE example fixed
- Describe how IV is conveyed
- Reference section: add reference about W3C derived key and
KW-AES with padding
- Ming
________________________________
From: Philip Hoyer
[mailto:phoyer at actividentity.com]
Sent: Friday, May 15, 2009 5:02 AM
To: Philip Hoyer; Tschofenig, Hannes (NSN -
FI/Espoo); Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker;
SMachani at DIVERSINET.COM; Pei, Mingliang; KEYPROV
Subject: RE: [KEYPROV] Latest version of PSKC
Ladies and Gentlemen,
Another version with some revisions:
* Added the MACMethod to the symmetric
encrypted example and generated proper values programmatically (added
definition of values to the spec)
* Corrected some other typos
* Corrected other incorrect examples
(asymmetric, bulk..)
* Changes the schema to reflect the current
use of AlgorithmParameters instead of Algorithm Attributes
TODO:
Ming to correct passphrase based example.
Still need to address comments:
. Tim Moses: I think foreign XML namespaces
should be declared somewhere (e.g. XMLEnc). Not left in the schema itself
but maybe in the terminology section or separate section
* Andrea has the same comment: * S1.0 - Please
refer to DSKPP S1.1, S1.2, and S1.3 for Versioning and XML namespace info.
This same info is covered in PSKC, but much later. It would be easier for
KEYPROV readers to find the info is organized in the same place across both
docs.
* Do we need to support different padding
algorithms or are we happy to only support PKCS5 padding for not padded
algorithms (e.g. AESCBC-128?)
Philip
________________________________
From:
keyprov-bounces at ietf.org [mailto:keyprov-bounces at ietf.org] On Behalf Of
Philip Hoyer
Sent: Wednesday, May 13, 2009 6:53 PM
To: Tschofenig, Hannes (NSN - FI/Espoo);
Hannes.Tschofenig at gmx.net; Phillip Hallam-Baker; SMachani at DIVERSINET.COM;
Pei, Mingliang; KEYPROV
Subject: [KEYPROV] Latest version of PSKC
Ladies and Gentlemen,
Please find attached the latest schema and PSKC
draft.
I have addressed most of the editorial comments from
Andrea, Salah and Tim Moses
Please note that I have not yet changes the
AlgorithmParameters to AlgorithmAttributes, please see my separate email on
this subject.
TODO:
. Ming needs to update the passphrase
example
. Ming to add description of MACMethod
. Philip to change Symmetric key encrypted
example to reflect MACMethod
Comments to be addressed:
. Tim Moses: I think foreign XML namespaces
should be declared somewhere (e.g. XMLEnc). Not left in the schema itself
but maybe in the terminology section or separate section
* Andrea has the same comment: * S1.0 - Please
refer to DSKPP S1.1, S1.2, and S1.3 for Versioning and XML namespace info.
This same info is covered in PSKC, but much later. It would be easier for
KEYPROV readers to find the info is organized in the same place across both
docs.
* Do we need to support different padding
algorithms or are we happy to only support PKCS5 padding for not padded
algorithms (e.g. AESCBC-128?)
Philip
________________________________
Philip Hoyer
Senior Architect - Office of CTO
ActivIdentity (UK)
117 Waterloo Road
London SE1 8UL
Telephone: +44 (0) 20 7960 0220
Fax: +44 (0) 20 7902 1985
Private and confidential: This message and any
attachments may contain
privileged / confidential information. If you are
not an intended recipient,
you must not copy, distribute, discuss or take any
action in reliance on it.
If you have received this communication in error,
please notify the sender
and delete this message immediately.