Re: [cicm] Use Cases

"Novikov, Lev" <lnovikov@mitre.org> Tue, 30 August 2011 15:03 UTC

From: "Novikov, Lev" <lnovikov@mitre.org>
To: CICM Discussion List <cicm@ietf.org>
Date: Tue, 30 Aug 2011 11:04:21 -0400

Kevin,

On 2011-08-26 16:34, Lev Novikov wrote:
> 2. Traditional data-in-transit and -at-reset case (cf. PKCS#11)

On 2011-08-26 18:25, Kevin Wall wrote:
> I presume that you meant 'at-rest' rather than 'at-reset' here?

Yes. Hopefully we're not resetting the data when we store it.

On 2011-08-26 18:25, Kevin Wall wrote:
> What are your assumptions about crypto keys? Are you assuming that
> 2 parties have already met and shared keys (probably out of band)?
> If not, then I could see maybe use cases involving secure key 
> exchange. However, I suspect that is considered out of scope.

I don't think the model should assume that keys were pre-shared. For 
example, CICM currently supports negotiating an asymmetric key which 
results in an ephemeral symmetric key.

See: http://tools.ietf.org/html/draft-lanz-cicm-cm-01#section-8

Therefore, adding a use case for a secure key exchange seems 
reasonable (assuming I understood your proposed case correctly).

Lev