## KEYPROVwg

Last Update: Apr 23, 2008

Color Legend: RFC Editor Queue / Processed by IESG / ID Exists / Recently Expired

Each I-D name is a link to an I-D description, which points to a text version, a two-page and fit-in-window PDF version, as well as the IETF Tools' HTML version.

The charter of the KEYPROV working group is reported below.

Current developments in deployment of Shared Symmetric Key (SSK)
tokens have highlighted the need for a standard protocol for
provisioning symmetric keys.

The need for provisioning protocols in PKI architectures has been
recognized for some time. Although the existence and architecture of
these protocols provide a feasibility proof for the KEYPROV work,
assumptions built into these protocols mean that it is not possible
to apply them to symmetric key architectures without substantial
modification.

In particular, the ability to provision symmetric keys and associated
attributes dynamically to already issued devices such as cell phones
and USB drives is highly desirable. The working group will develop
the necessary protocols and data formats required to support
provisioning and management of symmetric key authentication tokens,
both proprietary and standards based.

The following Internet drafts have been proposed by their authors as
input documents:

- Dynamic Symmetric Key Provisioning Protocol (M. Pei, S. Machani)
- Portable Symmetric Key Container (A. Vassilev, J. Martinsson, M. Pei, P. Hoyer, S. Machani)
- Extensions to CT-KIP to support one- and two-pass key initialization (M. Nystroem, S. Machani)

The scope of the working group shall be to define protocols and data
formats necessary for provisioning of symmetric cryptographic keys
and associated attributes.

The group shall consider use cases related to use of Shared Symmetric
Key Tokens. Other use cases may be considered for the purpose of
avoiding unnecessary restrictions in the design and ensuring the
potential for future extensibility.

The working group will produce the following deliverables:

- Portable Symmetric Key Container
- Dynamic Symmetric Key Provisioning Protocol

keyprov-dskpp-03
Status: ID Exists, Feb 25, 2008 (98 p.)
Authors: A. Doherty, M. Pei, S. Machani, M. Nystrom
Title: Dynamic Symmetric Key Provisioning Protocol (DSKPP)
Intended Status: Standards Track

DSKPP is a client-server protocol for initialization (and
configuration) of symmetric keys to locally and remotely accessible
cryptographic modules. The protocol can be run with or without
private-key capabilities in the cryptographic modules, and with or
without an established public-key infrastructure.

Two variations of the protocol support multiple usage scenarios.
With the four-pass variant, keys are mutually generated by the
provisioning server and cryptographic module; provisioned keys are
not transferred over-the-wire or over-the-air. The two-pass variant
enables secure and efficient download and installation of
pre-generated symmetric keys to a cryptographic module.

This document builds on information contained in [RFC4758], adding
specific enhancements in response to implementation experience and
liaison requests. It is intended that this document or a successor
version thereto will become the basis for subsequent progression of a
symmetric key provisioning protocol specification on the standards
track.

keyprov-portable-symmetric-key-container-04
Status: ID Exists, Apr 21, 2008 (65 p.)
Authors: P. Hoyer, M. Pei, S. Machani
Title: Portable Symmetric Key Container
Intended Status: Standards Track

This document specifies a symmetric key format for transport and
provisioning of symmetric keys (for example One Time Password (OTP)
shared secrets or symmetric cryptographic keys) to different types of
crypto modules such as a strong authentication device. The standard
key transport format enables enterprises to deploy best-of-breed
solutions combining components from different vendors into the same
infrastructure.

This work is a joint effort by the members of OATH (Initiative for
Open AuTHentication) to specify a format that can be freely
distributed to the technical community. The authors believe that a
common and shared specification will facilitate adoption of
two-factor authentication on the Internet by enabling interoperability
between commercial and open-source implementations.