[pkix] Derived Credentials. Was: Simple Certificate Enrollment Protocol (SCEP)

Anders Rundgren <anders.rundgren.net@gmail.com> Wed, 12 November 2014 04:15 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5BB11ACD5F for <pkix@ietfa.amsl.com>; Tue, 11 Nov 2014 20:15:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mNBNnENXPfYI for <pkix@ietfa.amsl.com>; Tue, 11 Nov 2014 20:15:45 -0800 (PST)
Received: from mail-wg0-x233.google.com (mail-wg0-x233.google.com [IPv6:2a00:1450:400c:c00::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4EDB1ACCFB for <pkix@ietf.org>; Tue, 11 Nov 2014 20:15:35 -0800 (PST)
Received: by mail-wg0-f51.google.com with SMTP id l18so12957437wgh.24 for <pkix@ietf.org>; Tue, 11 Nov 2014 20:15:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=GoCoavx+uyA7i5oRdZAILqosOwYMNRrfen7KUHw/dbs=; b=m9r4/HOXD3EbvQK/CcPpcJapDY0RiP+IIxbjhDeU3NPJRsB2mBnpD3j9b1O1o7W8+Q W3DYXEXxPDf5lOok9JoNBgQQn8zqIENH6kptkICxrG+r3Ba/zyyBzILOOBtxAh9ltzUn zlrR0RewQJ8eNx4hV2HD+UouteS1JSnFUqtuWwfve/v4LXVYyS4G867gL/veUo5x8ixL Vfs+Db/2SuhwdbQJXXQWbf006HRINO+Bf5oKfLt3dNnk3MpAT6v0YYf+EW140i6aRzMJ 6c+uVx6ANYeP3gBpowu8HpaQEzWWJfcsNrubeUFAAf/k1yOgPAgPDsCyrh/z7hDKACJ+ E69A==
X-Received: by 10.180.92.234 with SMTP id cp10mr12852046wib.16.1415765734490; Tue, 11 Nov 2014 20:15:34 -0800 (PST)
Received: from [192.168.1.79] (13.118.176.95.rev.sfr.net. [95.176.118.13]) by mx.google.com with ESMTPSA id g16sm18794077wjq.20.2014.11.11.20.15.33 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 11 Nov 2014 20:15:33 -0800 (PST)
Message-ID: <5462DEE0.4010105@gmail.com>
Date: Wed, 12 Nov 2014 05:15:28 +0100
From: Anders Rundgren <anders.rundgren.net@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: "Dr. Massimiliano Pala" <massimiliano.pala@gmail.com>, pkix@ietf.org
References: <9A043F3CF02CD34C8E74AC1594475C739B9DB295@uxcn10-5.UoA.auckland.ac.nz> <D941FEB2-CC8D-4D9C-9496-F7C28B5E0C41@cisco.com> <54616B61.7000307@gmail.com> <703810FB-F786-4D7C-98EF-0DC6080CBEFB@cisco.com> <5462754A.4010802@gmail.com>
In-Reply-To: <5462754A.4010802@gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/pkix/oQeFTxL8IZ0TnfweO8GsgrGIYIw
Subject: [pkix] Derived Credentials. Was: Simple Certificate Enrollment Protocol (SCEP)
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Nov 2014 04:15:47 -0000

http://defensesystems.com/articles/2014/11/10/comment-can-derived-credentials-replace-cacs.aspx

A problem with current protocols including CMC, SCEP and EST is that they
don't support enrollment of two-factor credentials [1] and secure key storage [2],
as (indirectly) required by the US government.

Anders

[1] Key + PIN
[2] Through key-container attestations