Re: [plasma] KEK usage
Trevor Freeman <trevorf@exchange.microsoft.com> Fri, 28 October 2011 17:39 UTC
Return-Path: <trevorf@exchange.microsoft.com>
X-Original-To: plasma@ietfa.amsl.com
Delivered-To: plasma@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4877121F8514 for <plasma@ietfa.amsl.com>; Fri, 28 Oct 2011 10:39:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.766
X-Spam-Level:
X-Spam-Status: No, score=-110.766 tagged_above=-999 required=5 tests=[AWL=-0.167, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pdSFyryN1yA6 for <plasma@ietfa.amsl.com>; Fri, 28 Oct 2011 10:39:42 -0700 (PDT)
Received: from mail.exchange.microsoft.com (mail1.exchange.microsoft.com [131.107.1.17]) by ietfa.amsl.com (Postfix) with ESMTP id 96B1021F84FA for <plasma@ietf.org>; Fri, 28 Oct 2011 10:39:42 -0700 (PDT)
Received: from df-h14-02.exchange.corp.microsoft.com (157.54.78.140) by DF-G14-01.exchange.corp.microsoft.com (157.54.87.87) with Microsoft SMTP Server (TLS) id 14.2.247.2; Fri, 28 Oct 2011 10:39:42 -0700
Received: from PIO-MLT-05.exchange.corp.microsoft.com (157.54.94.22) by DF-H14-02.exchange.corp.microsoft.com (157.54.78.140) with Microsoft SMTP Server (TLS) id 14.2.202.4; Fri, 28 Oct 2011 10:39:42 -0700
Received: from DF-M14-11.exchange.corp.microsoft.com ([fe80::cc46:3da5:bed6:8dfc]) by PIO-MLT-05.exchange.corp.microsoft.com ([fe80::d940:e316:1daa:5e6a%10]) with mapi id 14.02.0247.002; Fri, 28 Oct 2011 10:39:41 -0700
From: Trevor Freeman <trevorf@exchange.microsoft.com>
To: "Fitch, Scott C" <scott.c.fitch@lmco.com>, "plasma@ietf.org" <plasma@ietf.org>
Thread-Topic: KEK usage
Thread-Index: AcyTRgPodLuEJ3NEQcqy3+T3/w0AYACUW+7A
Date: Fri, 28 Oct 2011 17:39:41 +0000
Message-ID: <E545B914D50B2A4B994F198378B1525D42750848@DF-M14-11.exchange.corp.microsoft.com>
References: <DFE85D7EFA640D4886E9A9141AEBCD200A097BD1@HDXDSP11.us.lmco.com>
In-Reply-To: <DFE85D7EFA640D4886E9A9141AEBCD200A097BD1@HDXDSP11.us.lmco.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.100]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [plasma] KEK usage
X-BeenThere: plasma@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The PoLicy Augmented S/Mime \(plasma\) bof discussion list." <plasma.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/plasma>, <mailto:plasma-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/plasma>
List-Post: <mailto:plasma@ietf.org>
List-Help: <mailto:plasma-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/plasma>, <mailto:plasma-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2011 17:39:44 -0000
If the policy does not want to disclose the KEK to the PDP in the clear, then they have to do early key binding like S/MIME does today. You discover the user's encryption key and encrypt the KEK using their public key to create a recipient info structure which you include for the PDP. The PDP would need to request a claim about the identity of the recipient's public key and then it can release the appropriate recipient info structure. -----Original Message----- From: plasma-bounces@ietf.org [mailto:plasma-bounces@ietf.org] On Behalf Of Fitch, Scott C Sent: Tuesday, October 25, 2011 11:48 AM To: plasma@ietf.org Subject: [plasma] KEK usage I have a question on using a KEK as described in Section 4.2. It states: The [Content Creation] PEP submits the CEK, the set of requires policies to be applied and the hash of the encrypted content to the PDP. The CEK can be a raw key or a CEK key encrypted by a KEK if the user does not want the PDP to have the ability to access the plain text data. In the case of encrypting the CEK with a KEK, whose key is used in that case? And how will the recipient decrypt it? I didn't see the corresponding steps listed in the Content Consuming sequence. -Scott _______________________________________________ plasma mailing list plasma@ietf.org https://www.ietf.org/mailman/listinfo/plasma
- [plasma] KEK usage Fitch, Scott C
- Re: [plasma] KEK usage Trevor Freeman
- Re: [plasma] KEK usage Fitch, Scott C