[plasma] KEK usage

"Fitch, Scott C" <scott.c.fitch@lmco.com> Tue, 25 October 2011 18:55 UTC


I have a question on using a KEK as described in Section 4.2. It states:

The [Content Creation] PEP submits the CEK, the set of required policies to be applied and the hash of the encrypted content to the PDP. The CEK can be a raw key or a CEK key encrypted by a KEK if the user does not want the PDP to have the ability to access the plain text data.

In the case of encrypting the CEK with a KEK, whose key is used in that case? And how will the recipient decrypt it? I didn't see the corresponding steps listed in the Content Consuming sequence.
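The following is an added illustration of the two submission variants the quoted passage describes, written for this archive page and not taken from the PLASMA draft or from any list participant. It assumes AES-GCM as a stand-in for a dedicated key-wrap mode, SHA-256 for the content hash, and its own field and function names (Submission, BuildSubmission, PDPCanReadContent, RecipientDecrypt); the keys and message body are constructed demo values. It shows what the PDP can and cannot do with each form of the CEK, and makes concrete the point of the question: with a KEK-wrapped CEK, the consuming side cannot proceed without the KEK, which the quoted sequence never says how to deliver.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Submission mirrors what the Content Creation PEP hands to the PDP in the
// quoted Section 4.2 (field names are this example's own, not the draft's).
type Submission struct {
	Key         []byte   // raw CEK, or the CEK wrapped under a KEK
	KeyNonce    []byte   // wrap nonce; nil means Key is a raw CEK
	Policies    []string // policies to be applied
	ContentHash []byte   // SHA-256 of the encrypted content
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under key with a fresh random nonce (AES-GCM).
func Encrypt(key, plaintext, aad []byte) (ciphertext, nonce []byte, err error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return aead.Seal(nil, nonce, plaintext, aad), nonce, nil
}

// Decrypt reverses Encrypt; it fails when key, nonce or aad do not match.
func Decrypt(key, ciphertext, nonce, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ciphertext, aad)
}

// WrapCEK protects the CEK under the KEK (AES-GCM stands in here for a
// dedicated key-wrap mode); UnwrapCEK reverses it, which needs the KEK.
func WrapCEK(kek, cek []byte) (wrapped, nonce []byte, err error) {
	return Encrypt(kek, cek, []byte("cek-wrap"))
}

func UnwrapCEK(kek, wrapped, nonce []byte) ([]byte, error) {
	return Decrypt(kek, wrapped, nonce, []byte("cek-wrap"))
}

// BuildSubmission: kek == nil submits the raw CEK; a KEK withholds it from the PDP.
func BuildSubmission(cek, kek []byte, policies []string, ciphertext []byte) (Submission, error) {
	h := sha256.Sum256(ciphertext)
	sub := Submission{Key: cek, Policies: policies, ContentHash: h[:]}
	if kek == nil {
		return sub, nil
	}
	var err error
	sub.Key, sub.KeyNonce, err = WrapCEK(kek, cek)
	return sub, err
}

// PDPCanReadContent: can the PDP decrypt the content with the key bytes it was handed?
func PDPCanReadContent(sub Submission, ciphertext, nonce []byte) bool {
	_, err := Decrypt(sub.Key, ciphertext, nonce, nil)
	return err == nil
}

// RecipientDecrypt is the consuming side; a wrapped CEK means the recipient must hold the KEK.
func RecipientDecrypt(kek []byte, sub Submission, ciphertext, nonce []byte) ([]byte, error) {
	cek := sub.Key
	if sub.KeyNonce != nil {
		var err error
		if cek, err = UnwrapCEK(kek, sub.Key, sub.KeyNonce); err != nil {
			return nil, fmt.Errorf("unwrap failed: %w", err)
		}
	}
	return Decrypt(cek, ciphertext, nonce, nil)
}

func main() {
	cek := []byte("0123456789abcdef0123456789abcdef") // constructed demo keys only
	kek := []byte("fedcba9876543210fedcba9876543210")
	ct, nonce, _ := Encrypt(cek, []byte("constructed sample body"), nil)
	sub, _ := BuildSubmission(cek, kek, []string{"need-to-know"}, ct)
	pt, err := RecipientDecrypt(kek, sub, ct, nonce)
	fmt.Println("PDP reads plaintext:", PDPCanReadContent(sub, ct, nonce), "recipient:", string(pt), err)
}
```

With a raw CEK the PDP holds everything needed to read the content; with a wrapped CEK it holds only an opaque blob plus the hash it can bind the policy decision to. The recipient path then has two inputs, the released (still wrapped) CEK and the KEK, and the second of those is exactly what the quoted Content Consuming sequence leaves unspecified.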