[KEYPROV] Converting enrollment protocols from XML to JSON

Anders Rundgren <anders.rundgren@telia.com> Wed, 18 September 2013 15:08 UTC

Return-Path: <anders.rundgren@telia.com>
X-Original-To: keyprov@ietfa.amsl.com
Delivered-To: keyprov@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id ED66111E8263 for <keyprov@ietfa.amsl.com>; Wed, 18 Sep 2013 08:08:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id ZOIy8ANoUiZt for <keyprov@ietfa.amsl.com>; Wed, 18 Sep 2013 08:08:15 -0700 (PDT)
Received: from smtp-out21.han.skanova.net (smtp-out21.han.skanova.net []) by ietfa.amsl.com (Postfix) with ESMTP id 44FB711E8257 for <keyprov@ietf.org>; Wed, 18 Sep 2013 08:07:56 -0700 (PDT)
Received: from [] ( by smtp-out21.han.skanova.net (8.5.133) (authenticated as u36408181) id 521DAD6E0091FDCB for keyprov@ietf.org; Wed, 18 Sep 2013 17:07:53 +0200
Message-ID: <5239C1BE.5020104@telia.com>
Date: Wed, 18 Sep 2013 17:07:42 +0200
From: Anders Rundgren <anders.rundgren@telia.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: keyprov@ietf.org
X-Enigmail-Version: 1.5.2
Content-Type: multipart/alternative; boundary="------------000006030808010804000404"
Subject: [KEYPROV] Converting enrollment protocols from XML to JSON
X-BeenThere: keyprov@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Provisioning of Symmetric Keys \(keyprov\)" <keyprov.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/keyprov>, <mailto:keyprov-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyprov>
List-Post: <mailto:keyprov@ietf.org>
List-Help: <mailto:keyprov-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyprov>, <mailto:keyprov-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Sep 2013 15:08:22 -0000

I have "amused" myself with some initial conversions of KeyGen2 from XML to JSON.
The following shows one of the ten KeyGen2 message objects:
        "@context": "http://xmlns.webpki.org/keygen2/201309018",
        "@qualifier": "KeyCreationRequest",
        "ServerSessionID": "S-140f2b70a3e4eefe1627b141e20",
        "ClientSessionID": "C-140f2b70ba0812f22188454b453",
        "SubmitURL": "http://issuer.example.com/keygen",
                 "ID": "PUK.1",
                 "Format": "numeric",
                 "RetryLimit": 3,
                 "Value": "mjRuOhjhtfg6d6d51Oqw",
                 "MAC": "xPr65fxq5hwvUX94Btpp5tey+yHH9iBrMLO7wQ2k5/0=",
                          "ID": "PIN.1",
                          "Grouping": "shared",
                          "Format": "numeric",
                          "MinLength": 4,
                          "MaxLength": 8,
                          "RetryLimit": 3,
                          "PatternRestrictions": ["three-in-a-row","sequence"],
                          "MAC": "Hlzek4waNiqnWwrK83cvHE6MyoQh7N5frLEH4I3DpZ0=",
                                   "ID": "Key.1",
                                   "KeyAlgorithm": "http://xmlns.webpki.org/sks/algorithm#ec.p256",
                                   "AppUsage": "authentication",
                                   "MAC": "idpbhr/L/4BnaLaxz5VJHC4/XPoyp3kR/s7Dcb7ywTM="
                                   "ID": "Key.2",
                                   "KeyAlgorithm": "http://xmlns.webpki.org/sks/algorithm#rsa2048",
                                   "AppUsage": "encryption",
                                   "MAC": "6KCho59vdV3hyXlKaQl3HQFPO32GzfXFbkJh4jsbQKA="

This should be interpreted as a request for an EC key and an RSA key where both keys are protected by a single (shared) user-defined (within the specified policy limits) PIN. The PIN is in turn governed by an issuer-defined, protocol-wise secret PUK.

Since multiple instances of properties is considered as a bad JSON practice, arrays have been used instead.
For those who are versed in XML Schemas, @context is essentially the same as targetNameSpace while @qualifier represents an "emulation" of the top-level element in an XML instance document.

The original version in XML looks considerably cooler but machines probably don't care :-)