Proposal to OASIS KMIP TC: Encoding Options for Key Wrap of Un-structured Data
Stan Feather and Indra Fitzgerald, Hewlett-Packard Co.
23 September, 2010 (©2009 HP Confidential)
Slide 1 (title slide): Proposal to OASIS KMIP TC, Encoding Options for Key Wrap of Un-structured Data. Stan Feather and Indra Fitzgerald, Hewlett-Packard Co., 23 September, 2010.

Slide 2: Key Wrap for un-structured data

Reason for proposed change
- The current key wrap specification may require all wrapped keys to be TTLV-encoded.
- TTLV encoding could be a problem in the following example use case:
  - A KMIP proxy client requests a wrapped key on behalf of another device.
  - The proxy is KMIP-aware, but can't unwrap the key.
  - The device using the key is not KMIP-aware.
  - The end device unwraps the key, but doesn't understand the TTLV data.
- The KMIP 1.0 spec (section 2.1.4) requires the Key Value Byte String to be TTLV-encoded, even if the string only includes Key Material.

Example of a Key Value Byte String, containing Key Material and encoding, before wrapping (figure): Key Value Struct tag | Len | Key Material Byte String tag | Len | Key material (ABCDEF ABCDEF).

Revised 23 September, 2010

Slide 3: Proposal Description

Proposal description, for the KMIP 1.1 spec
- Provide a method (an Encoding Option) to choose between un-encoded or encoded wrapping of un-structured keys.
  - Un-structured is defined as Key Values with unstructured Key Material, and no attributes.
  - If the Key Value data is structured (i.e., includes attributes), then the server will always encode.
- TTLV encoding is the only encoding option currently specified.
- Default behavior is to encode, even if the Key Value is un-structured (1.0 behavior).

Example of an unstructured Key Value, with no encoding, before wrapping into a Key Value Byte String (figure): Key material (ABCDEF ABCDEF).

Related request
- Include a key wrapping use case in the KMIP 1.1 Use Case document.
- Include an Encoding Option example in the KMIP 1.1 Usage Guide.
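As an added illustration of slides 2 and 3 (not code from the proposal or from any KMIP implementation), the following Python builds the TTLV-encoded Key Value Byte String that KMIP 1.0 always hands to the wrapping step, beside the bare Key Material that the proposed Encoding Option would allow, and applies the proposal's rule that a Key Value with attributes is always encoded. The TTLV tags and item types are the KMIP 1.0 values; the enumeration numbers for the two options and the sample key are assumptions.

```python
import struct
from enum import IntEnum

# KMIP 1.0 TTLV tags and item types (KMIP 1.0 spec, section 9.1).
TAG_KEY_VALUE, TAG_KEY_MATERIAL = 0x420045, 0x420043
TYPE_STRUCTURE, TYPE_BYTE_STRING = 0x01, 0x08

class EncodingOption(IntEnum):
    # Numeric values are assumed; the proposal names the options but gives no numbers.
    NO_ENCODING = 1
    TTLV_ENCODING = 2

def ttlv(tag, item_type, value):
    """One TTLV item: 3-byte tag, 1-byte type, 4-byte big-endian length, value padded to 8 bytes."""
    header = tag.to_bytes(3, "big") + bytes([item_type]) + struct.pack(">I", len(value))
    return header + value + b"\x00" * ((-len(value)) % 8)

def encode_key_value(key_material):
    """KMIP 1.0 behaviour: a Key Value structure holding one Key Material byte string."""
    return ttlv(TAG_KEY_VALUE, TYPE_STRUCTURE, ttlv(TAG_KEY_MATERIAL, TYPE_BYTE_STRING, key_material))

def effective_encoding(encoding_option, attribute_names=()):
    """Proposal rules: option absent -> encode (1.0 default); any attribute names -> option ignored, encode."""
    if encoding_option is None or attribute_names:
        return EncodingOption.TTLV_ENCODING
    return EncodingOption(encoding_option)

def key_value_byte_string(key_material, encoding_option=None):
    """Plaintext the server would wrap for an unstructured Key Value (Key Material only, no attributes)."""
    if effective_encoding(encoding_option) is EncodingOption.NO_ENCODING:
        return key_material  # bare key bytes: usable by a device that knows nothing about TTLV
    return encode_key_value(key_material)

def parse_item(buf):
    """Split one TTLV item off the front of buf: returns (tag, type, value, remaining bytes)."""
    tag, item_type = int.from_bytes(buf[:3], "big"), buf[3]
    length = struct.unpack(">I", buf[4:8])[0]
    return tag, item_type, buf[8:8 + length], buf[8 + length + (-length) % 8:]

def extract_key_material(key_value_bytes):
    """What a KMIP-aware unwrapper must do with the 1.0 form: walk the structure to the Key Material."""
    tag, item_type, body, _ = parse_item(key_value_bytes)
    if (tag, item_type) != (TAG_KEY_VALUE, TYPE_STRUCTURE):
        raise ValueError("not a TTLV-encoded Key Value structure")
    tag, item_type, material, _ = parse_item(body)
    if (tag, item_type) != (TAG_KEY_MATERIAL, TYPE_BYTE_STRING):
        raise ValueError("first item is not Key Material")
    return material

# Constructed 16-byte sample key; the slide's "ABCDEF ABCDEF" is only a placeholder.
SAMPLE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
```

For the 16-byte sample the 1.0 form is 32 bytes (two 8-byte TTLV headers plus the key), which is what a non-KMIP-aware device would mistake for the key; the un-encoded form is the 16 key bytes alone.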

Slide 4: Proposal Detail

Proposed specification changes (reference: KMIP spec CD 12 (PDF), 28 May 2010)

Key Value. Change line 248 to say:
  The Key Value is only used inside a Key Block. For plaintext keys, Key Value SHALL be a Key Value structure (see Table 6). For wrapped keys, Key Value is a Byte String containing, at minimum, the wrapped key material. This Byte String MAY also contain a wrapped Key Value structure.

Key Value. Change line 254 to say:
  The Key Value Byte String is the wrapped contents of a Key Value structure. If the Key Value structure consists only of a Key Material byte string, the client MAY choose to request the Key Value Byte String to be un-encoded. Otherwise, the Key Value Byte String SHALL be a wrapped, encoded (see Section 9.1) Key Value structure.

Slide 5: Proposal Detail

Proposed specification changes (reference: KMIP spec CD 12 (PDF), 28 May 2010)

Key Wrapping Data. Insertion, following line 267, to say:
  An Encoding Option, specifying whether the wrapped Key Value Byte String contains encoding. Only a Key Value containing no attributes MAY be un-encoded.

Key Wrapping Data. Append a row to Table 7:
  Object: Encoding Option
  Encoding: Enumeration (see the Key Wrap Encoding Option Enumeration)
  REQUIRED: No
  Description: Specifies whether the Key Value Byte String was encoded. If not present, the wrapped Key Value SHALL be encoded. Only a wrapped Key Value with no attributes MAY be un-encoded.

Slide 6: Proposal Detail

Proposed specification changes (reference: KMIP 1.0 spec CD 12 (PDF), 28 May 2010)

Key Wrapping Specification. Insertion, following line 305, to say:
  An Encoding Option, specifying whether the Key Value will be encoded before wrapping. Only a Key Value structure with no attributes may be un-encoded.

Key Wrapping Specification. Append a row to Table 10:
  Object: Encoding Option
  Encoding: Enumeration (see the Key Wrap Encoding Option Enumeration)
  REQUIRED: No
  Description: Ignored if 1 or more attribute names are included. If not present, the wrapped Key Value SHALL be encoded.

Slide 7: Proposal Detail

Proposed specification changes, continued (reference: KMIP 1.0 spec CD 12 (PDF), 28 May 2010)

Tags. Table 193. Add row:
  Encoding Option: 4200A2 (previously Reserved)
  Reserved: 4200A3 – 42FFFF (new range)

Key Wrap Encoding Option Enumeration (new):
  No encoding
  TTLV encoding
  Extensions: 8XXXXXXX

Appendix B. Table 253. Add row:
  Object: Encoding Option
  Section: 2.1.5, 2.1.6
  Encoding: Enumeration

Slide 8: Proposal Detail

Proposed specification changes, continued (reference: KMIP 1.0 spec CD 12 (PDF), 28 May 2010)

Result Reason Enumeration. Table 221. Add new value:
  Name: “Encoding Option Not Supported”
  Value: (not given on the slide)

Get Errors. Table 236. Add new error definition:
  Error Definition: “Object exists but cannot be provided in the desired Encoding Option”
  Result Status: Operation Failed
  Result Reason: Encoding Option Not Supported

Slide 9: Additional POC Use Case Proposal

Requested POC addition (reference: KMIP 1.0 Use Cases CD 11, 28 May 2010)
- Add a new use case under Key Interchange 6.2:
  Use-case: Register / Get Wrapped Key / Destroy. This use case demonstrates a Register operation to register a key wrapping key. A separate data encryption key is then created. The use case then uses a Get operation to wrap the data encryption key via a Key Wrapping Specification. The keys are then destroyed. In practical applications, the key wrapping key may be registered using a different client or by an administrator.
- The new use case should demonstrate the Encrypt wrapping method and the different encoding options.
- Other wrapping methods and key wrapping options should also be shown, if possible.