Proposal to OASIS KMIP TC: Encoding Options for Key Wrap. Stan Feather and Indra Fitzgerald, Hewlett-Packard Co., 10 September, 2010. ©2009 HP Confidential.


Proposal to OASIS KMIP TC
Encoding Options for Key Wrap of Un-structured Data
Stan Feather and Indra Fitzgerald, Hewlett-Packard Co.
10 September, 2010

Key Wrap for un-structured data

Reason for proposed change
- Current key wrap specification may require all wrapped keys to be TTLV-encoded
- TTLV encoding could be a problem in the following example use case:
  - A KMIP proxy client requests a wrapped key on behalf of another device
  - The proxy is KMIP aware, but can’t unwrap the key
  - The device using the key is not KMIP-aware
  - End-device unwraps the key, but doesn’t understand the TTLV data
- KMIP 1.0 spec (section 2.1.4) requires the Key Value Byte String to be TTLV-encoded
  - Even if the string only includes Key Material
- Example of Key Value Byte String, containing Key Material and encoding, before wrapping
  [Figure: byte layout with fields labelled Key Value, Struct, Len, Key Mat’l, Byte String, Len, Key material]

Proposal Description

Proposal description, for KMIP 1.1 spec
- Provide a method (an Encoding Option) to choose between un-encoded or encoded wrapping of un-structured keys
  - Un-structured is defined as Key Values with unstructured Key Material, and no attributes.
  - If Key Value data is structured (i.e., includes attributes), then server will always encode
  - Default behavior is to encode, even if Key Value is un-structured (1.0 behavior)
- Example of an unstructured Key Value, with no encoding, before wrapping into a Key Value Byte String:
  [Figure: byte layout with a single field labelled Key material]

Related request
- Include a key wrapping use case in the KMIP 1.1 Use Case document
- Include an Encoding Option example in the KMIP 1.1 Usage Guide
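The two pre-wrap forms described above, as an added example that is not part of the HP proposal: it builds the bytes handed to the wrapping function with and without TTLV encoding, and shows the parsing an end device needs to reach the raw key after unwrapping. The tag and type values are taken from the KMIP 1.0 specification; the function names and the sample key are assumptions made for illustration, and the wrapping cipher itself is left out.

```python
import struct

# Tag and item-type values as defined in the KMIP 1.0 specification.
TAG_KEY_VALUE = 0x420045
TAG_KEY_MATERIAL = 0x420043
TYPE_STRUCTURE = 0x01
TYPE_BYTE_STRING = 0x08


def ttlv(tag: int, item_type: int, value: bytes) -> bytes:
    """Encode one item: 3-byte tag, 1-byte type, 4-byte length, padded value."""
    padding = b"\x00" * (-len(value) % 8)  # values are padded to a multiple of 8
    header = tag.to_bytes(3, "big") + bytes([item_type]) + struct.pack(">I", len(value))
    return header + value + padding


def key_value_plaintext(key_material: bytes, ttlv_encoded: bool = True) -> bytes:
    """Bytes given to the wrapping function for an unstructured Key Value."""
    if not ttlv_encoded:
        return key_material  # the proposed un-encoded option
    inner = ttlv(TAG_KEY_MATERIAL, TYPE_BYTE_STRING, key_material)
    return ttlv(TAG_KEY_VALUE, TYPE_STRUCTURE, inner)  # KMIP 1.0 behavior


def read_item(buf: bytes, expected_tag: int, expected_type: int) -> bytes:
    """Parse one TTLV item; reject wrong tags, wrong types and truncated input."""
    if len(buf) < 8:
        raise ValueError("truncated TTLV header")
    tag, item_type = int.from_bytes(buf[:3], "big"), buf[3]
    (length,) = struct.unpack(">I", buf[4:8])
    if (tag, item_type) != (expected_tag, expected_type):
        raise ValueError("unexpected tag or type")
    if 8 + length > len(buf):
        raise ValueError("length exceeds buffer")
    return buf[8:8 + length]


def key_material_from_unwrapped(unwrapped: bytes, ttlv_encoded: bool) -> bytes:
    """What the end device must do after unwrapping to obtain the raw key."""
    if not ttlv_encoded:
        return unwrapped
    inner = read_item(unwrapped, TAG_KEY_VALUE, TYPE_STRUCTURE)
    return read_item(inner, TAG_KEY_MATERIAL, TYPE_BYTE_STRING)


SAMPLE_KEY = bytes(range(16))  # constructed 128-bit value, not a real key
```

For the 16-byte sample key the encoded form is 32 bytes, of which the first 16 are TTLV headers that a device without KMIP support would otherwise treat as key material.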

Proposal Detail

Proposed specification changes
reference: KMIP spec CD 12 (PDF), on 28 May, 2010
- Key value. Change line 254 to say:
  The Key Value Byte String is the wrapped contents of a Key Value structure. If the Key Value structure consists only of a Key Material byte string, the client MAY choose to request the Key Value Byte String to be un-encoded. Otherwise, the Key Value Byte String SHALL be a wrapped, TTLV-encoded (see Section 9.1) Key Value structure
- Key value. Change line 248 to say:
  The Key Value is only used inside a Key Block. For plaintext keys, Key Value SHALL be a Key Value structure (see Table 6). For wrapped keys, Key Value is a Byte String containing, at minimum, the wrapped key material. This Byte String MAY also contain a wrapped Key Value structure.

Proposal Detail

Proposed specification changes
reference: KMIP spec CD 12 (PDF), on 28 May, 2010
- Key Wrapping Data. Insertion, following line 267, to say:
  An Encoding Option, specifying whether the wrapped Key Value Byte String contains TTLV-encoding. Only a Key Value containing no attributes MAY be un-encoded
- Key Wrapping Data. Append a row to Table 7:
  Encoding Option; Enumeration, see; No. Specifies whether the Key Value Byte String was TTLV-encoded. If not present, the wrapped Key Value SHALL be TTLV-encoded. Only a wrapped Key Value with no attributes MAY be un-encoded.

Proposal Detail

Proposed specification changes
reference: KMIP 1.0 spec CD 12 (PDF), on 28 May, 2010
- Key Wrapping Specification. Insertion, following line 305, to say:
  An Encoding Option, specifying whether the Key Value will be TTLV-encoded before wrapping. Only a Key Value structure with no attributes may be un-encoded
- Key Wrapping Specification. Append a row to Table 10:
  Encoding Option; Enumeration, see; No. Ignored if 1 or more attribute names are included. If not present, the wrapped Key Value SHALL be TTLV-encoded.

Proposal Detail

Proposed specification changes (continued)
reference: KMIP 1.0 spec CD 12 (PDF), on 28 May, 2010
- Tags. Table 193. Add row: Encoding Option; 4200A2 (Reserved); 4200A3 – 42FFFF
- (new). Key Wrap Encoding Option Enumeration: no encoding; TTLV encoding
- Appendix B. Table 253. Add row: Encoding Option; 2.1.5, 2.1.6; Enumeration

Additional POC Use Case Proposal

Requested POC addition
reference: KMIP 1.0 Use Cases CD 11, on 28 May, 2010
- Add a new use case under Key Interchange
  6.2 Use-case: Get and Register a wrapped key. This use case demonstrates the Get operation for a wrapped key, using the Key Wrapping Specification. It then specifies the Key Wrapping Data in a Register request to register the wrapped key.
- The new use case should demonstrate the Encrypt wrapping method and the different encoding options
- Other wrapping methods and key wrapping options should also be shown, if possible
