Download presentation
Presentation is loading. Please wait.
Published byAbel Taylor Modified over 8 years ago
1
KeyProv PSKC Specification Philip Hoyer Mingliang Pei Salah Machani 74 nd IETF meeting, San Francisco Nov. 2008
2
Agenda Status update Changes since v6 Comments received from working group last call Next steps
3
Status Update Completely redesigned flow of document based on examples and moved use case and requirements to appendixes and renamed to draft-ietf-keyprov-pskc-.. Moved profiles for proprietary keys (e.g. RSA and ActivIdentity) to separate informational RFC Reviewed and aligned with SKSML OASIS effort and NIST SP800-57 Called Working group last call for PSKC 6 th of March 2009
4
Changes since v6 Removed KeyProperties for simplification (size in bulk transmission is rarely an issue) Grouped elements relating to the policy of using the key under Key.KeyPolicy element Reviewed and aligned KeyPolicy with SKSML OASIS effort Reviewed and aligned KeyPolicy.usage (for what the key is used) with NIST SP800-57 Removed mandatory to implement key protection algorithms and recommended KW- AES no padding, KW-AES with padding (Russ Housley’s draft) and AES-CBC + HMAC-1 for environments where KW-AES with padding is not available
5
Schema Changes Removed KeyProperties for simplification (size in bulk transmission is rarely an issue) Grouped elements relating to the policy of using the key under Key.KeyPolicy element
6
Comments received – MAC issue Currently for non integrity algorithm (e.g. AES-CBC) we allow a separate MAC to be transmitted under Data.ValueMAC MAC key is the same as the key encryption key MAC is calculated over cleartext (key) instead of ciphertext Comments: bad cryptographic practice Solution Options Create a MAC key derivation Derive MAC key from encryption key and a random nonce, and transmit nonce in MACAlgorithm K_MAC = Enc(K_ENC, nonce) … Derive MAC key from encryption key and container ID K_MAC = Enc(K_ENC, container_ID) Create a separate random MAC key K_MAC is randomly generated and encrypted with K_ENC. The encrypted K_MAC is transmitted in MACAlgorithm … Specify a pre-defined MAC key (e.g. when used in DSKPP)
7
Comments received – continued Example for AES encryption isn’t correct It doesn’t prepend IV The padding of the plain data uses PKCS#7 format rather than ISO DeviceInfo.DeviceBinding – definition and purpose is not clear Several editorial comments Terminology alignment– discussion deferred to other slides
8
Next steps Address MAC issue Address editorial comments Resubmit next rev Last call
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.