IETF Logo Mail Archive

Re: [KEYPROV] PROTO WRITEUPfor draft-ietf-keyprov-symmetrickeyformat-07

Anders Rundgren <anders.rundgren@telia.com> Wed, 03 March 2010 16:43 UTC

Return-Path: <anders.rundgren@telia.com>
X-Original-To: keyprov@core3.amsl.com
Delivered-To: keyprov@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8E0883A8B5C for <keyprov@core3.amsl.com>; Wed, 3 Mar 2010 08:43:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level:
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uE4fBGsanHnA for <keyprov@core3.amsl.com>; Wed, 3 Mar 2010 08:43:51 -0800 (PST)
Received: from mail.primekey.se (walter.primekey.se [195.149.137.135]) by core3.amsl.com (Postfix) with ESMTP id 38AEC3A8B5B for <keyprov@ietf.org>; Wed, 3 Mar 2010 08:43:51 -0800 (PST)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by mail.primekey.se (Postfix) with ESMTP id D77A2C3C98; Wed, 3 Mar 2010 17:43:50 +0100 (CET)
Message-ID: <4B8E91C6.4040507@telia.com>
Date: Wed, 03 Mar 2010 17:43:50 +0100
From: Anders Rundgren <anders.rundgren@telia.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Philip Hoyer <phoyer@actividentity.com>
References: <5BFE9E473DBFC24CA87F18F29B3F0AC406890589@sur-corp-ex-02.corp.ad.activcard.com>
In-Reply-To: <5BFE9E473DBFC24CA87F18F29B3F0AC406890589@sur-corp-ex-02.corp.ad.activcard.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: keyprov@ietf.org
Subject: Re: [KEYPROV] PROTO WRITEUPfor draft-ietf-keyprov-symmetrickeyformat-07
X-BeenThere: keyprov@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Provisioning of Symmetric Keys \(keyprov\)" <keyprov.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyprov>, <mailto:keyprov-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyprov>
List-Post: <mailto:keyprov@ietf.org>
List-Help: <mailto:keyprov-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyprov>, <mailto:keyprov-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Mar 2010 16:43:52 -0000

Philip Hoyer wrote:
> And how is that redundant to an openly discussed peer reviewed agreed 
> IETF standard that RSA has also contributed to?

There has indeed been open discussions regarding the *content* of
draft.  However, there has not been much open discussions regarding
*utility* and *deployment*, something which I feel has hampered the
entire KEYPROV effort.

Why would anybody in their right mind use on-line provisioning with
DSKPP for discrete OTP tokens?  Isn't sort of half the value with OTP
*getting away* from middleware?

RSA, VeriSign, Nicrosoft, IBM etc have contributed to many standards but
not all of them have been successful in the marketplace.

Anders

> 
> 
> ----- Original Message -----
> From: Anders Rundgren <anders.rundgren@telia.com>
> To: Philip Hoyer
> Cc: turners@ieca.com <turners@ieca.com>; keyprov@ietf.org <keyprov@ietf.org>
> Sent: Wed Mar 03 17:10:46 2010
> Subject: Re: [KEYPROV] PROTO WRITEUPfor 
> draft-ietf-keyprov-symmetrickeyformat-07
> 
> Philip Hoyer wrote:
>  > Redundant to what exactly?
> 
> I believe I elaborated that in my initial posting.
> 
> RSA have had seeds distributed in XML format for ages and they work
> on multiple platforms including mobile phones.
> 
> 
> Anders
> 
>  >
>  >
>  > ----- Original Message -----
>  > From: keyprov-bounces@ietf.org <keyprov-bounces@ietf.org>
>  > To: Sean Turner <turners@ieca.com>
>  > Cc: keyprov@ietf.org <keyprov@ietf.org>
>  > Sent: Wed Mar 03 15:54:36 2010
>  > Subject: Re: [KEYPROV] PROTO WRITEUPfor
>  > draft-ietf-keyprov-symmetrickeyformat-07
>  >
>  > Sean Turner wrote:
>  >  > Anders,
>  >  >
>  >  > PSKC is the mandatory to implement key package and nobody, that I am
>  >  > aware of, is trying to change that.  The container defined in
>  >  > draft-ietf-keyprov-symmetrickeyformat-07 is optional to implement.
>  >
>  > I just said that it felt like a redundant solution.
>  >
>  > /anders
>  >
>  >
>  >  >
>  >  > spt
>  >  >
>  >  > Anders Rundgren wrote:
>  >  >> The document is great from a technical point of view.
>  >  >>
>  >  >> The utility is questionable since PSKC does the same
>  >  >> thing and also interopes with DSKPP.  The rationale
>  >  >> (which has been mentioned but not been put on paper)
>  >  >> "cards cannot process XML" is true but provisioning
>  >  >> generally relies on middleware doing the unpacking
>  >  >> and then through some API inserting keys and attributes
>  >  >> in the card.
>  >  >>
>  >  >> Creating tokens that would decipher CMS is technically
>  >  >> doable but there is absolutely no point with that
>  >  >>
>  >  >> In case you want to know how you can deal with XML,
>  >  >> secure transfer of secrets, and still keep the token
>  >  >> device unaware of sophisticated data structures and
>  >  >> public key verification you may take a peek in the
>  >  >> following document:
>  >  >>
>  >  >> "setPiggybackedSymmetricKey"
>  >  >>
>  >  >> http://webpki.org/papers/keygen2/sks-api-arch.pdf
>  >  >>
>  >  >> Anders
>  >  >> _______________________________________________
>  >  >> KEYPROV mailing list
>  >  >> KEYPROV@ietf.org
>  >  >> https://www.ietf.org/mailman/listinfo/keyprov
>  >  >>
>  >  >
>  >
>  > _______________________________________________
>  > KEYPROV mailing list
>  > KEYPROV@ietf.org
>  > https://www.ietf.org/mailman/listinfo/keyprov
>  >
>

v2.23.0 | Report a Bug | By Email