---------- Forwarded message ----------
From: Arshad Noor
Date: Dec 17, 2007 4:39 PM
Subject: Re: Approval of document for submission to IEEE 1619.3 WG
To: Matt Ball
Cc: P1619-3 , "Robert A. Lockhart",

Thank you, Matt.

You are absolutely correct about the discrepancy. My
confusion between ASCII-encoded decimals and binary
caused the error. My apologies.

The GKID, as specified in SKSML, is an ASCII-encoded decimal,
with a maximum length of 62-bytes*:

    20-bytes for DID (max value: 18446744073709551615)
    20-bytes for SID (max value: 18446744073709551615)
    20-bytes for KID (max value: 18446744073709551615)
    2 hyphens

The URI, as defined in IEEE 1619.3 WG document, is 68-bytes
after it includes the "ek://" prefix and the trailing "/".

I do need to point out that SKSML only specifies GKID as a
string with a maximum length of 62-bytes in the DID-SID-KID
format. Since the 1619.3 WG is planning on working with
multiple KMs and has a need to distinguish between different
KM formats, we are assuming that the use of the IEEE URI
format ("ek://DID-SID-KID/") is anticipated to be supported
only by IEEE-compliant applications. Please correct me if
this assumption is incorrect.

I will update our submission document and send out the new
link. Thanks for the clarification.

Arshad Noor
StrongAuth, Inc.

* The current DRAFT specification of SKSML does not include
the Domain ID (DID). I am in the process of updating it, and
will be uploading it to the OASIS repository within the next
2-3 weeks. I will notify you when it is uploaded.

> 1. Domain Identifier (DID): An 8-byte Private Enterprise Number (PEN)
> assigned by IANA
> 2. Server Identifier (SID): An 8-byte locally-assigned value that
> identifies a particular key manager within the scope of the DID
> 3. Key Identifier (KID): An 8-byte locally-assigned value that
> identifies a particular key within the scope of the key manager
> and DID.
>
> The concatenation of all three of these fields, separated by hyphens (0x2D
> ASCII), forms the EKMI Global Key Identifier (GKID), for a total of 27
> bytes (according to the proposal).
>
> Examples of an EKMI GKID:
>
> * ek://0-0-0/
> * ek://10514-22-344342232/
> * ek://18446744073709551615-18446744073709551615-18446744073709551615/
>
> Commentary: There's a minor discrepancy in this draft, where it's
> unclear whether the GKID is represented in binary or ASCII-encoded
> decimal. Based on the examples, I'm assuming that the representation is
> decimal, and that the actual size of the GKID is 20 characters, for a
> range of 0 to 2^64-1 (8 binary bytes). With this minor change, the
> maximum size of the EKMI GKID becomes:
>
> 5 bytes for prefix ('ek://')
> 3 * 20 bytes for each of DID, SID, and KID
> 2 hyphens
> 1 trailing slash
>
> total = 68 bytes
>
>
> After we get this minor clarification, I was hoping Bob Lockhart could
> incorporate this proposal into the latest NameSpace document. I can
> help as well, if needed.
>
> We can discuss this proposal (among others) at the Jan 14th face-to-face
> meeting in Santa Ana.
>
> Thanks!
> -Matt
>
> On Dec 16, 2007 7:46 PM, Arshad Noor <arshad.noor@strongauth.com>
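
The length and range limits discussed in this thread (20 ASCII decimal digits per field, 62 bytes for the GKID, 68 bytes for the "ek://DID-SID-KID/" URI) can be enforced with a strict parser. The following is an added example, not part of either e-mail and not code from SKSML or the 1619.3 WG; the function names are hypothetical, and accepting leading zeros on input is an assumption, since the thread does not rule on them.

```python
import re

MAX_FIELD = 2**64 - 1   # largest DID, SID or KID value (18446744073709551615)
MAX_GKID_LEN = 62       # 3 * 20 digits + 2 hyphens
MAX_URI_LEN = 68        # "ek://" + GKID + "/"

# [0-9] rather than \d: \d and int() also accept non-ASCII Unicode digits,
# which would let visually different strings name the same key.
_GKID_RE = re.compile(r"([0-9]{1,20})-([0-9]{1,20})-([0-9]{1,20})")


def parse_gkid(gkid: str) -> tuple:
    """Return (DID, SID, KID) as integers, or raise ValueError."""
    if len(gkid) > MAX_GKID_LEN:
        raise ValueError("GKID longer than 62 bytes")
    match = _GKID_RE.fullmatch(gkid)
    if match is None:
        raise ValueError("GKID is not DID-SID-KID in ASCII decimal")
    fields = tuple(int(group) for group in match.groups())
    # Twenty digits can spell values above 2^64-1, so check the range too.
    if any(value > MAX_FIELD for value in fields):
        raise ValueError("field exceeds 18446744073709551615")
    return fields


def parse_ek_uri(uri: str) -> tuple:
    """Parse the ek://DID-SID-KID/ URI form and return (DID, SID, KID)."""
    if len(uri) > MAX_URI_LEN:
        raise ValueError("URI longer than 68 bytes")
    if not (uri.startswith("ek://") and uri.endswith("/")):
        raise ValueError("URI must start with ek:// and end with /")
    return parse_gkid(uri[len("ek://"):-1])


def format_ek_uri(did: int, sid: int, kid: int) -> str:
    """Build the URI form; emits no leading zeros, so output is canonical."""
    for value in (did, sid, kid):
        if not 0 <= value <= MAX_FIELD:
            raise ValueError("field outside 0..2^64-1")
    return f"ek://{did}-{sid}-{kid}/"


if __name__ == "__main__":
    # The three example URIs from the quoted message.
    for sample in ("ek://0-0-0/", "ek://10514-22-344342232/",
                   "ek://" + "-".join(["18446744073709551615"] * 3) + "/"):
        print(len(sample), parse_ek_uri(sample))
```
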