< draft-mavrogiannopoulos-tpmuri-00.txt   draft-mavrogiannopoulos-tpmuri-01.txt >

rfcdiff comparison of draft-mavrogiannopoulos-tpmuri-00 and -01. Text common to both versions appears once; where the versions differ, both are given, tagged -00 and -01.

Network Working Group                                          C. Latze
Internet-Draft                                                 Swisscom
Intended status: Standards Track                   N. Mavrogiannopoulos
Expires: July 22, 2013 (-00) / July 29, 2013 (-01)            KU Leuven
                              January 18, 2013 (-00) / January 25, 2013 (-01)

                         The TPMKEY URI Scheme
         draft-mavrogiannopoulos-tpmuri-00 / draft-mavrogiannopoulos-tpmuri-01
Abstract

   This memo specifies a TPMKEY Uniform Resource Identifier (URI) Scheme
   for identifying cryptographic keys stored in TPM chips and accessed
   using the TCG Software Stack (TSS). The URI is based on how TPM keys
   are identified in the TSS specification.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 22, 2013 (-00) / July 29, 2013 (-01).

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents

   skipping to change at page 2, line 13

   described in the Simplified BSD License.
Table of Contents

   1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2. TPMKEY URI Scheme Definition . . . . . . . . . . . . . . . . . 3
     2.1. TPMKEY URI Scheme Name . . . . . . . . . . . . . . . . . . 3
     2.2. TPMKEY URI Scheme Status . . . . . . . . . . . . . . . . . 3
     2.3. TPMKEY URI Scheme Syntax . . . . . . . . . . . . . . . . . 3
     2.4. TPMKEY URI scheme semantics . . . . . . . . . . . . . . . . 4
     -00: 2.5. TPMKEY encoding considerations . . . . . . . . . . . . 4
     -00: 2.6. applications/ protocols that use the TPMKEY URI scheme  4
     -01: 2.5. Applicability of the TPMKEY URI scheme . . . . . . . . 4
   -00: 3. Examples of TPMKEY URI Schemes . . . . . . . . . . . . . . 5
   -01: 3. Examples of TPMKEY URI Schemes . . . . . . . . . . . . . . 4
   4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
   5. Security Considerations . . . . . . . . . . . . . . . . . . . . 5
   6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 5
   7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5
     7.1. Normative References . . . . . . . . . . . . . . . . . . . 5
     7.2. Informative References . . . . . . . . . . . . . . . . . . 6
1. Introduction

   The Trusted Platform Module (TPM) is a trusted piece of hardware

   skipping to change at page 3, line 42

   since the authority part could not be mapped to TPM key elements.
   The URI scheme does not use the optional query and fragment elements.
2. TPMKEY URI Scheme Definition

   In accordance with [RFC4395], this section provides the information
   required to register the TPMKEY URI scheme.

2.1. TPMKEY URI Scheme Name

   -00: tsskey
   -01: tpmkey

2.2. TPMKEY URI Scheme Status

   Provisional.

2.3. TPMKEY URI Scheme Syntax

   The TPMKEY URI scheme is a sequence of attribute value pairs
   separated by a semicolon. In accordance with [RFC3986], the data
   should first be encoded as octets according to the UTF-8 character
   encoding [RFC3629]; then only those octets that do not correspond to
   characters in the unreserved set or to permitted characters from the
   reserved set should be percent-encoded. Rules "unreserved" and
   "pct-encoded" in the TPMKEY specification below were imported from
   [RFC3986]. As a special case, note that according to [RFC3986], a
   space must be percent-encoded.

   A TPMKEY URI takes the form (for explanation of Augmented BNF, see
   [RFC5234]). The -01 grammar is shown; the -00 grammar is identical
   except that the scheme name and every rule use the prefix "tsskey"
   and the uuid rule reads tsskey-uuid = "uuid" "=" *tsskey-char:

      tpmkey-URI            = "tpmkey" ":" tpmkey-identifier
      tpmkey-identifier     = *1(tpmkey-attr *(";" tpmkey-attr))
      tpmkey-attr           = tpmkey-uuid / tpmkey-file / tpmkey-storage
                              ; both drafts write "pk11-storage" here, a
                              ; rule they never define; the defined
                              ; storage rule is the one intended
      tpmkey-reserved-avail = ":" / "[" / "]" / "@" / "!" / "$" /
                              "&" / "'" / "(" / ")" / "*" / "+" /
                              "," / "="
      tpmkey-char           = unreserved / tpmkey-reserved-avail /
                              pct-encoded
      tpmkey-file           = "file" "=" *tpmkey-char
      tpmkey-uuid           = "uuid" "=" UUID
      tpmkey-storage        = "storage" "=" *1("user" / "system")

   -00: The attribute "file" represents a filename and corresponds to a
   file that contains a BER-encoded blob in accordance with the ASN.1
   data definitions in the Portable Data section of the Trusted
   Computing Group Software Stack Specification Version 1.2. The
   attribute "uuid" represents a unique identifier of a TPM key and the
   attribute "storage" corresponds to the storage subsystem used (user
   or system).

   -01: More specifically, the attribute "uuid" represents a unique
   identifier of a TPM key and its structure is defined in [RFC4122].
   The attribute "storage" corresponds to the storage subsystem used
   (user or system). The attribute "file" represents a filename and
   corresponds to a file that contains a BER-encoded blob in accordance
   with the ASN.1 data definitions in the Portable Data section of the
   Trusted Computing Group Software Stack Specification Version 1.2.
2.4. TPMKEY URI scheme semantics

   The TPMKEY URI scheme is used to reference TPM keys through the TSS.
   The allowed operations on the URI are defined by the TSS
   specification.

-00:

2.5. TPMKEY encoding considerations

   Not sure what to write here

2.6. applications/ protocols that use the TPMKEY URI scheme

   The TPMKEY URI scheme SHOULD be used by all application and protocols
   that use the TPM through the TSS.

-01:

2.5. Applicability of the TPMKEY URI scheme

   The TPMKEY URI scheme is relevant to applications and protocols that
   need to identify TPM keys that are accessed through TSS.
3. Examples of TPMKEY URI Schemes

   One of the simplest forms is from a key stored in the TSP.

   -00: tsskey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user
   -01: tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user

   A TPM key that is stored in a system's file.

   -00: tsskey:file=/path/to/file
   -01: tpmkey:file=/path/to/file
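The -01 grammar of Section 2.3 and the two example URIs above, as an added worked example that is not part of the draft: a strict parser that accepts only the three defined attributes (so a "password" attribute, which the scheme deliberately omits, is rejected) and refuses unencoded spaces. The one liberty taken, marked in the code, is to admit an unencoded "/" because the draft's own file example uses it although the ABNF does not list it.

```python
import re
from urllib.parse import unquote

# Value characters per the -01 ABNF: RFC 3986 "unreserved", the
# tpmkey-reserved-avail set, and pct-encoded octets.  "/" is an added
# assumption: the draft's example tpmkey:file=/path/to/file uses it
# unencoded although the ABNF does not list it.
_VALUE_RE = re.compile(r"^(?:[A-Za-z0-9\-._~:\[\]@!$&'()*+,=/]|%[0-9A-Fa-f]{2})*$")
# RFC 4122 string form: 8-4-4-4-12 hex digits.
_UUID_RE = re.compile(r"^[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

class TPMKeyURIError(ValueError):
    """Raised for any input outside the tpmkey grammar."""

def parse_tpmkey_uri(uri: str) -> dict:
    """Parse a tpmkey URI into a dict keyed by 'uuid', 'storage', 'file'.
    Only the three attributes the draft defines are accepted; anything
    else, e.g. a 'password' attribute (deliberately absent from the scheme
    because command lines can be world readable), is rejected.  Repeated
    attributes and an empty storage value are rejected as an assumption.
    """
    if not uri.startswith("tpmkey:"):
        raise TPMKeyURIError("scheme must be 'tpmkey'")
    attrs = {}
    identifier = uri[len("tpmkey:"):]
    if identifier == "":  # "*1(...)" in the ABNF permits an empty identifier
        return attrs
    for pair in identifier.split(";"):
        name, sep, value = pair.partition("=")
        if not sep or name in attrs:
            raise TPMKeyURIError(f"malformed or repeated attribute: {pair!r}")
        if not _VALUE_RE.match(value):  # rejects raw spaces, '#', '?', '"', ...
            raise TPMKeyURIError(f"illegal character in {name!r} value")
        if name == "uuid" and _UUID_RE.match(value):
            attrs["uuid"] = value.lower()
        elif name == "storage" and value in ("user", "system"):
            attrs["storage"] = value
        elif name == "file":
            attrs["file"] = unquote(value)  # undo %XX, e.g. %20 -> space
        else:
            raise TPMKeyURIError(f"unknown or invalid attribute: {pair!r}")
    return attrs

def is_valid_tpmkey_uri(uri: str) -> bool:
    try:
        parse_tpmkey_uri(uri)
        return True
    except TPMKeyURIError:
        return False
```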
4. IANA Considerations

   This document registers a URI scheme. The registration template can
   be found in Section 3 (-00) / Section 2 (-01) of this document.

5. Security Considerations

   There are security considerations for URI schemes discussed in
   [RFC3986].

   Given that the TPMKEY URI is also supposed to be used in command line
   arguments to running programs, and those arguments can be world
   readable on some systems, the URI intentionally does not allow for
   specifying the TPM key password as a URI attribute.
6. Acknowledgements

   This document derives from [PKCS11URI] (-00) / [I-D.pechanec-pkcs11uri]
   (-01). Furthermore the authors want to thank Greg Kazmierczak for
   early feedback.
7. References

7.1. Normative References

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, January 2005.

   [RFC4395]  Hansen, T., Hardie, T., and L. Masinter, "Guidelines and
              Registration Procedures for New URI Schemes", BCP 35,
              RFC 4395, February 2006.

   [RFC3629]  Yergeau, F., "UTF-8, a transformation format of ISO
              10646", STD 63, RFC 3629, November 2003.

   [RFC4122]  (-01 only) Leach, P., Mealling, M., and R. Salz, "A
              Universally Unique IDentifier (UUID) URN Namespace",
              RFC 4122, July 2005.

   [TPMMAIN]  -00: "TPM Main Specification".
              -01: TCG, "TPM Main Specification Version 1.2", March 2011.

   [TSS]      -00: "TCG Software Stack (TSS) Specification".
              -01: TCG, "TCG Software Stack (TSS) Specification
              Version 1.2", March 2007.

7.2. Informative References

   [RFC5234]  Crocker, D. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234, January 2008.

   -00: [PKCS11URI]  "The PKCS#11 URI Scheme", Internet Draft, Feb 2012.
   -01: [I-D.pechanec-pkcs11uri]  Pechanec, J. and D. Moffat, "The PKCS#11
              URI Scheme", draft-pechanec-pkcs11uri-07 (work in
              progress), December 2012.
Authors' Addresses

   Carolin Latze
   Swisscom Switzerland Ltd
   Ostermundigenstrasse 93
   Bern, 3008
   Switzerland

   EMail: carolin.latze@swisscom.com

End of changes. 23 change blocks. 48 lines changed or deleted, 56 lines changed or added.

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/