Re: [KEYPROV] PROTOWRITEUPfor draft-ietf-keyprov-symmetrickeyformat-07

"Bajaj, Siddharth" <SBajaj@verisign.com> Wed, 03 March 2010 18:24 UTC

From: "Bajaj, Siddharth" <SBajaj@verisign.com>
To: Anders Rundgren <anders.rundgren@telia.com>, Philip Hoyer <phoyer@actividentity.com>
Cc: keyprov@ietf.org
Subject: Re: [KEYPROV] PROTOWRITEUPfor draft-ietf-keyprov-symmetrickeyformat-07

Hi Anders,

I'll beg to differ with you - several OATH members including VeriSign have implemented drafts of the online provisioning protocol in their products today.

Others are waiting for this standard to be finalized so that they can implement the final versions.

Thanks,

Siddharth

________________________________

From: keyprov-bounces@ietf.org on behalf of Anders Rundgren
Sent: Wed 3/3/2010 8:43 AM
To: Philip Hoyer
Cc: keyprov@ietf.org
Subject: Re: [KEYPROV] PROTOWRITEUPfor draft-ietf-keyprov-symmetrickeyformat-07



Philip Hoyer wrote:
> And how is that redundant to an openly discussed peer reviewed agreed
> IETF standard that RSA has also contributed to?

There has indeed been open discussion regarding the *content* of the
draft.  However, there has not been much open discussion regarding
*utility* and *deployment*, something which I feel has hampered the
entire KEYPROV effort.

Why would anybody in their right mind use on-line provisioning with
DSKPP for discrete OTP tokens?  Isn't sort of half the value with OTP
*getting away* from middleware?

RSA, VeriSign, Microsoft, IBM etc. have contributed to many standards but
not all of them have been successful in the marketplace.

Anders

>
>
> ----- Original Message -----
> From: Anders Rundgren <anders.rundgren@telia.com>
> To: Philip Hoyer
> Cc: turners@ieca.com <turners@ieca.com>; keyprov@ietf.org <keyprov@ietf.org>
> Sent: Wed Mar 03 17:10:46 2010
> Subject: Re: [KEYPROV] PROTO WRITEUPfor
> draft-ietf-keyprov-symmetrickeyformat-07
>
> Philip Hoyer wrote:
>  > Redundant to what exactly?
>
> I believe I elaborated that in my initial posting.
>
> RSA have had seeds distributed in XML format for ages and they work
> on multiple platforms including mobile phones.
>
>
> Anders
>
>  >
>  >
>  > ----- Original Message -----
>  > From: keyprov-bounces@ietf.org <keyprov-bounces@ietf.org>
>  > To: Sean Turner <turners@ieca.com>
>  > Cc: keyprov@ietf.org <keyprov@ietf.org>
>  > Sent: Wed Mar 03 15:54:36 2010
>  > Subject: Re: [KEYPROV] PROTO WRITEUPfor
>  > draft-ietf-keyprov-symmetrickeyformat-07
>  >
>  > Sean Turner wrote:
>  >  > Anders,
>  >  >
>  >  > PSKC is the mandatory to implement key package and nobody, that I am
>  >  > aware of, is trying to change that.  The container defined in
>  >  > draft-ietf-keyprov-symmetrickeyformat-07 is optional to implement.
>  >
>  > I just said that it felt like a redundant solution.
>  >
>  > /anders
>  >
>  >
>  >  >
>  >  > spt
>  >  >
>  >  > Anders Rundgren wrote:
>  >  >> The document is great from a technical point of view.
>  >  >>
>  >  >> The utility is questionable since PSKC does the same
>  >  >> thing and also interoperates with DSKPP.  The rationale
>  >  >> (which has been mentioned but not been put on paper)
>  >  >> "cards cannot process XML" is true but provisioning
>  >  >> generally relies on middleware doing the unpacking
>  >  >> and then through some API inserting keys and attributes
>  >  >> in the card.
>  >  >>
>  >  >> Creating tokens that would decipher CMS is technically
>  >  >> doable but there is absolutely no point with that
>  >  >>
>  >  >> In case you want to know how you can deal with XML,
>  >  >> secure transfer of secrets, and still keep the token
>  >  >> device unaware of sophisticated data structures and
>  >  >> public key verification you may take a peek in the
>  >  >> following document:
>  >  >>
>  >  >> "setPiggybackedSymmetricKey"
>  >  >>
>  >  >> http://webpki.org/papers/keygen2/sks-api-arch.pdf
>  >  >>
>  >  >> Anders
>  >  >> _______________________________________________
>  >  >> KEYPROV mailing list
>  >  >> KEYPROV@ietf.org
>  >  >> https://www.ietf.org/mailman/listinfo/keyprov
>  >  >>
>  >  >
>  >
>
