Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: [P1619-3] Comments for Draft 2 & Draft 3

To: P1619-3@xxxxxxxxxxxxxxxxx
Subject: Re: [P1619-3] Comments for Draft 2 & Draft 3
From: Thomas Hardjono <thardjono@xxxxxxxxxxx>
Date: Mon, 5 May 2008 11:53:11 -0700
In-Reply-To: A<481EAD11.3020604@ieee.org>
List-Help: <http://listserv.ieee.org/cgi-bin/wa?LIST=P1619-3>, <mailto:LISTSERV@LISTSERV.IEEE.ORG?body=INFO%20P1619-3>
List-Owner: <mailto:P1619-3-request@LISTSERV.IEEE.ORG>
List-Subscribe: <mailto:P1619-3-subscribe-request@LISTSERV.IEEE.ORG>
List-Unsubscribe: <mailto:P1619-3-unsubscribe-request@LISTSERV.IEEE.ORG>
References: A<481EAD11.3020604@ieee.org>
Reply-To: Thomas Hardjono <thardjono@xxxxxxxxxxx>
Thread-Index: AciufDJRA1uJtd97T5OCms3qr6DhPgAYkmog
Thread-Topic: [P1619-3] Comments for Draft 2 & Draft 3


Bob,

Some further high level comments/suggestions for
the doc and for everyone:

(a) Goals of spec: I was wondering if we need to
explicitly call-out the goals of the 1619.3
specification.  Looking at Section 1.2 (Purpose),
the paragraph could be augmented/expanded further.
Alternatively, we could add text to section 4.

Looking at Section 4, the broad goal of the spec
should be to achieve *interoperability* between
implementation of the entities identified in the
architecture mode (Fig.1). This means vendors
selling KM Servers, KM Clients and Crypto Units.

ps. Apologies if I'm just stating the obvious :)


(b) In the architecture model, are we
allowing/covering interaction direct between the
KM Server and the Crypto Unit?

I am aware of certain scenarios in which the KM
Client software is not within the trust boundary
the client-side platform/hardware, and the remote
KM Server reads/writes key-blobs directly into the
Crypto Unit hardware.


(c) Key Hierarchies: will this spec eventually
cover key hierarchies? That is, the logical
organization of which keys are used to wrap which
other keys? 

Or is this out of scope for 1619.3 and therefore
vendor-specific? If vendor specific, will
proprietary schemes impede on the goals of
interoperability.

(PS. This question may need further discussion).


(d) Additional corrections/improvements (p12,
line.7): the interaction should be among 3
end-points, namely the Crypto Unit, KM Client
*and* the KM Server (ie. not just between the
Crypto Unit and KM Client). The KM server is shown
to be above the dotted-line (thus part of the
control plane).

Regards.

/thomas/


> -----Original Message-----
> From: Robert A. (Bob) Lockhart
[mailto:rlockhart@IEEE.ORG] 
> Sent: Sunday, May 04, 2008 11:46 PM
> To: P1619-3@LISTSERV.IEEE.ORG
> Subject: [P1619-3] Comments for Draft 2 & Draft
3
> 
> All,
> 
> I will still be accepting comments on Draft 3
for the next 
> two weeks.  
> Please remember that when you send comments to
include 
> section, page and line number information.
> 
> Here are the current comments.  I am waiting for
other but 
> want to begin the discussion on these for Draft
4 inclusion.
> 
> Please have comments and/or suggestions ready to
discuss 
> during the Face to Face this afternoon.
> 
> Thank you,
> 
> Bob Lockhart
> 
>

smime.p7s

Follow-Ups:
- [P1619-3] Question about using RFC3852
  - From: Thomas Hardjono

References:
- [P1619-3] Comments for Draft 2 & Draft 3
  - From: Robert A. (Bob) Lockhart

Prev by Date: [P1619-3] Question about using RFC3852
Next by Date: [P1619-3] Comments for Draft 2 & Draft 3
Prev by thread: [P1619-3] Comments for Draft 2 & Draft 3
Next by thread: [P1619-3] Question about using RFC3852
Index(es):
- Date
- Thread