
From phoyer@actividentity.com  Tue Nov  2 05:11:48 2010
Return-Path: <phoyer@actividentity.com>
X-Original-To: keyprov@core3.amsl.com
Delivered-To: keyprov@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D29163A687D for <keyprov@core3.amsl.com>; Tue,  2 Nov 2010 05:11:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level: 
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_FR=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pIoCFrtNjSbp for <keyprov@core3.amsl.com>; Tue,  2 Nov 2010 05:11:47 -0700 (PDT)
Received: from frhub1.activcard.fr (frhub1.activcard.fr [92.103.229.143]) by core3.amsl.com (Postfix) with ESMTP id 35F263A67ED for <keyprov@ietf.org>; Tue,  2 Nov 2010 05:11:46 -0700 (PDT)
Received: from sur-corp-ex-02.corp.ad.activcard.com (sur-corp-ex-02.corp.ad.activcard.com [192.168.33.40]) by frhub1.activcard.fr (Postfix) with ESMTP id 39C2C1838FD; Tue,  2 Nov 2010 13:11:49 +0100 (CET)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Tue, 2 Nov 2010 13:16:16 +0100
Message-ID: <5BFE9E473DBFC24CA87F18F29B3F0AC406890EB3@sur-corp-ex-02.corp.ad.activcard.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: ID Tracker State Update Notice: <draft-ietf-keyprov-pskc-09.txt>
Thread-Index: Act3q3L3Us6j/fExQbaM+y5azsXu+AC2yuMQ
From: "Philip Hoyer" <phoyer@actividentity.com>
To: <keyprov@ietf.org>, <oath_technical@listbox.com>
Subject: [KEYPROV] FW: ID Tracker State Update Notice: <draft-ietf-keyprov-pskc-09.txt>
X-BeenThere: keyprov@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Provisioning of Symmetric Keys \(keyprov\)" <keyprov.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyprov>, <mailto:keyprov-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyprov>
List-Post: <mailto:keyprov@ietf.org>
List-Help: <mailto:keyprov-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyprov>, <mailto:keyprov-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Nov 2010 12:11:49 -0000

Ladies and Gentlemen,
After more than 4 years of work we now have PSKC in RFC, number 6030
(http://www.rfc-editor.org/rfc/rfc6030.txt ).

I would like personally to thank all of the people that have contributed
and helped get this document done. People that have spent many hours
usually outside the normal working hours to help and finalise the
document, a long list of dedicated individuals.

Let people know that it is done and please evangelise so that it gets
implemented as widely as possible.

In OATH (initiative for Open Authentication,
http://www.openauthentication.org) we are preparing a compliance program
for OATH products and PSKC (RFC 6030) is mandatory as the format for all
current published profiles.
The 82 member companies of OATH will hence create products that use RFC
6030 and give this a strong head start in the overall community.

Please let other people know and point them to the work and thanks again
for all the efforts,

Philip


-----Original Message-----
From: IETF Secretariat [mailto:ietf-secretariat-reply@ietf.org]
Sent: Friday, October 29, 2010 9:48 PM
To: keyprov-chairs@tools.ietf.org;
draft-ietf-keyprov-pskc@tools.ietf.org
Subject: ID Tracker State Update Notice:
<draft-ietf-keyprov-pskc-09.txt>

State changed to RFC Published from RFC Ed Queue by Cindy Morgan
ID Tracker URL: http://datatracker.ietf.org/doc/draft-ietf-keyprov-pskc/

From hannes.tschofenig@gmx.net  Tue Nov  2 05:34:54 2010
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: keyprov@core3.amsl.com
Delivered-To: keyprov@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A14163A68D1 for <keyprov@core3.amsl.com>; Tue,  2 Nov 2010 05:34:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.966
X-Spam-Level: 
X-Spam-Status: No, score=-100.966 tagged_above=-999 required=5 tests=[AWL=-0.327, BAYES_00=-2.599, RCVD_IN_BL_SPAMCOP_NET=1.96, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OGdd0l+QNd-9 for <keyprov@core3.amsl.com>; Tue,  2 Nov 2010 05:34:52 -0700 (PDT)
Received: from mail.gmx.net (mailout-de.gmx.net [213.165.64.22]) by core3.amsl.com (Postfix) with SMTP id 62CE83A68B6 for <keyprov@ietf.org>; Tue,  2 Nov 2010 05:34:51 -0700 (PDT)
Received: (qmail invoked by alias); 02 Nov 2010 12:34:54 -0000
Received: from unknown (EHLO [10.254.0.37]) [192.100.123.77] by mail.gmx.net (mp044) with SMTP; 02 Nov 2010 13:34:54 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/KOOB0pcbKYF+vCJ48EDZ0c6vM3qAYkj+CfZtHyZ GMqFKjFD4EJuuz
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <5BFE9E473DBFC24CA87F18F29B3F0AC406890EB3@sur-corp-ex-02.corp.ad.activcard.com>
Date: Tue, 2 Nov 2010 14:34:52 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <FB9AFA94-70B4-426F-8394-576C2D6F5B3F@gmx.net>
References: <5BFE9E473DBFC24CA87F18F29B3F0AC406890EB3@sur-corp-ex-02.corp.ad.activcard.com>
To: "Philip Hoyer" <phoyer@actividentity.com>
X-Mailer: Apple Mail (2.1081)
X-Y-GMX-Trusted: 0
Cc: oath_technical@listbox.com, Hannes Tschofenig <hannes.tschofenig@gmx.net>, keyprov@ietf.org
Subject: Re: [KEYPROV] FW: ID Tracker State Update Notice: <draft-ietf-keyprov-pskc-09.txt>
X-List-Received-Date: Tue, 02 Nov 2010 12:34:54 -0000

I also have to thank you Philip, the other authors and the entire group
for the hard work.
Great to hear that OATH is working on a compliance program!


On Nov 2, 2010, at 2:16 PM, Philip Hoyer wrote:

> Ladies and Gentlemen,
> After more than 4 years of work we now have PSKC in RFC, number 6030
> (http://www.rfc-editor.org/rfc/rfc6030.txt ).
> 
> I would like personally to thank all of the people that have contributed
> and helped get this document done. People that have spent many hours
> usually outside the normal working hours to help and finalise the
> document, a long list of dedicated individuals.
> 
> Let people know that it is done and please evangelise so that it gets
> implemented as widely as possible.
> 
> In OATH (initiative for Open Authentication,
> http://www.openauthentication.org) we are preparing a compliance program
> for OATH products and PSKC (RFC 6030) is mandatory as the format for all
> current published profiles.
> The 82 member companies of OATH will hence create products that use RFC
> 6030 and give this a strong head start in the overall community.
> 
> Please let other people know and point them to the work and thanks again
> for all the efforts,
> 
> Philip
> 
> 
> -----Original Message-----
> From: IETF Secretariat [mailto:ietf-secretariat-reply@ietf.org]
> Sent: Friday, October 29, 2010 9:48 PM
> To: keyprov-chairs@tools.ietf.org;
> draft-ietf-keyprov-pskc@tools.ietf.org
> Subject: ID Tracker State Update Notice:
> <draft-ietf-keyprov-pskc-09.txt>
> 
> State changed to RFC Published from RFC Ed Queue by Cindy Morgan
> ID Tracker URL: http://datatracker.ietf.org/doc/draft-ietf-keyprov-pskc/
> _______________________________________________
> KEYPROV mailing list
> KEYPROV@ietf.org
> https://www.ietf.org/mailman/listinfo/keyprov


From wwwrun@rfc-editor.org  Thu Oct 28 22:33:03 2010
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: keyprov@core3.amsl.com
Delivered-To: keyprov@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 992613A6830; Thu, 28 Oct 2010 22:32:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.098
X-Spam-Level: 
X-Spam-Status: No, score=-102.098 tagged_above=-999 required=5 tests=[AWL=-0.098, BAYES_00=-2.599, J_CHICKENPOX_93=0.6, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1N-KoZTIp4PJ; Thu, 28 Oct 2010 22:32:27 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1890:1112:1::2f]) by core3.amsl.com (Postfix) with ESMTP id B21993A69B8; Thu, 28 Oct 2010 22:32:17 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 12BC5E0722; Thu, 28 Oct 2010 22:34:11 -0700 (PDT)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20101029053411.12BC5E0722@rfc-editor.org>
Date: Thu, 28 Oct 2010 22:34:11 -0700 (PDT)
X-Mailman-Approved-At: Fri, 05 Nov 2010 10:30:39 -0700
Cc: keyprov@ietf.org, rfc-editor@rfc-editor.org
Subject: [KEYPROV] RFC 6030 on Portable Symmetric Key Container (PSKC)
X-List-Received-Date: Fri, 29 Oct 2010 05:33:24 -0000

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6030

        Title:      Portable Symmetric Key Container (PSKC) 
        Author:     P. Hoyer, M. Pei, S. Machani
        Status:     Standards Track
        Stream:     IETF
        Date:       October 2010
        Mailbox:    phoyer@actividentity.com, 
                    mpei@verisign.com, 
                    smachani@diversinet.com
        Pages:      58
        Characters: 123974
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-keyprov-pskc-09.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6030.txt

This document specifies a symmetric key format for the transport and
provisioning of symmetric keys to different types of crypto modules.
For example, One-Time Password (OTP) shared secrets or symmetric
cryptographic keys to strong authentication devices.  A standard key
transport format enables enterprises to deploy best-of-breed
solutions combining components from different vendors into the same
infrastructure.  [STANDARDS-TRACK]

This document is a product of the Provisioning of Symmetric Keys Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC



From anders.rundgren@telia.com  Sat Nov  6 06:43:59 2010
Return-Path: <anders.rundgren@telia.com>
X-Original-To: keyprov@core3.amsl.com
Delivered-To: keyprov@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6DC0C3A68DC for <keyprov@core3.amsl.com>; Sat,  6 Nov 2010 06:43:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.444
X-Spam-Level: 
X-Spam-Status: No, score=-3.444 tagged_above=-999 required=5 tests=[AWL=0.155,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pG2A+v+uhbtB for <keyprov@core3.amsl.com>; Sat,  6 Nov 2010 06:43:58 -0700 (PDT)
Received: from smtp-out12.han.skanova.net (smtp-out12.han.skanova.net [195.67.226.212]) by core3.amsl.com (Postfix) with ESMTP id 2B6F33A6938 for <keyprov@ietf.org>; Sat,  6 Nov 2010 06:43:58 -0700 (PDT)
Received: from [192.168.0.203] (81.232.45.215) by smtp-out12.han.skanova.net (8.5.124.10) (authenticated as u36408181) id 4C7E0D4901412A09; Sat, 6 Nov 2010 14:44:12 +0100
Message-ID: <4CD55BAB.80108@telia.com>
Date: Sat, 06 Nov 2010 14:44:11 +0100
From: Anders Rundgren <anders.rundgren@telia.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: KEYPROV <keyprov@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [KEYPROV] Apple's On-line Provisioning Protocol
X-List-Received-Date: Sat, 06 Nov 2010 13:43:59 -0000

http://gigaom.com/2010/10/27/is-apple-about-to-cut-out-the-carriers/

The on-line provisioning revolution is finally coming, thanx to Apple.

Apple will presumably make E2ES a standard feature since this is
already a part of GP.

Is this good news or bad news for KEYPROV?  Hard to tell but personally
I believe the traditional vendors have put too little effort in their
on-line provisioning efforts.  Apple's entry in the fray will most certainly
change the agenda since Apple is currently perceived as the technical leader.

People who claim that on-line provisioning doesn't challenge physical
distribution of tokens need to take a second look because tokens with
built-in device certificates and E2ES-support can in fact improve security,
particularly in geographically distributed organizations.

Anders

From wwwrun@rfc-editor.org  Wed Nov 10 07:27:55 2010
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: keyprov@core3.amsl.com
Delivered-To: keyprov@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6AB373A694F for <keyprov@core3.amsl.com>; Wed, 10 Nov 2010 07:27:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.295
X-Spam-Level: 
X-Spam-Status: No, score=-102.295 tagged_above=-999 required=5 tests=[AWL=0.305, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wq2tZb73u3Za for <keyprov@core3.amsl.com>; Wed, 10 Nov 2010 07:27:54 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1890:1112:1::2f]) by core3.amsl.com (Postfix) with ESMTP id 8782A3A681F for <keyprov@ietf.org>; Wed, 10 Nov 2010 07:27:54 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id 187E9E0644; Wed, 10 Nov 2010 07:28:22 -0800 (PST)
To: phoyer@actividentity.com, mpei@verisign.com, smachani@diversinet.com, turners@ieca.com, tim.polk@nist.gov, phill@hallambaker.com, Hannes.Tschofenig@gmx.net
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20101110152822.187E9E0644@rfc-editor.org>
Date: Wed, 10 Nov 2010 07:28:22 -0800 (PST)
Cc: simon@yubico.com, keyprov@ietf.org, rfc-editor@rfc-editor.org
Subject: [KEYPROV] [Editorial Errata Reported] RFC6030 (2621)
X-List-Received-Date: Wed, 10 Nov 2010 15:27:55 -0000

The following errata report has been submitted for RFC6030,
"Portable Symmetric Key Container (PSKC)".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6030&eid=2621

--------------------------------------
Type: Editorial
Reported by: Simon Josefsson <simon@yubico.com>

Section: 10.2

Original Text
-------------
The <Usage> element MAY be present, but no attribute of the <Usage> element is required.

Corrected Text
--------------
The <AlgorithmParameters> element MAY be present, but no attribute of the <AlgorithmParameters> element is required.

Notes
-----
The <Usage> field was renamed between draft -02 and -03 but this section was not updated.

Instructions:
-------------
This errata is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC6030 (draft-ietf-keyprov-pskc-09)
--------------------------------------
Title               : Portable Symmetric Key Container (PSKC)
Publication Date    : October 2010
Author(s)           : P. Hoyer, M. Pei, S. Machani
Category            : PROPOSED STANDARD
Source              : Provisioning of Symmetric Keys
Area                : Security
Stream              : IETF
Verifying Party     : IESG
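
The announcement above describes PSKC as a transport format for OTP shared secrets, and the errata concerns the <AlgorithmParameters> element of a key's algorithm profile. The following is an added example, not code from RFC 6030, OATH or anyone on this list: it parses a minimal PSKC KeyContainer with Python's standard library, reads the HOTP key's secret, counter and ResponseFormat length, and derives the OTP the device would produce. The namespace, element and attribute names are those of RFC 6030; the XML document is a constructed sample carrying the RFC 4226 test secret, and the requirement that ResponseFormat/@Length be present for HOTP keys is this example's own strictness. The parser deliberately refuses a secret carried as <EncryptedValue>, since handling that needs the XML Encryption machinery of RFC 6030 section 6 and mistaking ciphertext for key material would be worse than failing.

```python
"""Parse a minimal RFC 6030 PSKC KeyContainer and derive HOTP values from it.

Added example: not code from RFC 6030, OATH or the KEYPROV list. Namespace,
element and attribute names follow RFC 6030; the document below is a
constructed sample using the RFC 4226 test secret "12345678901234567890".
"""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

PSKC_NS = "urn:ietf:params:xml:ns:keyprov:pskc"
HOTP_ALG = "urn:ietf:params:xml:ns:keyprov:pskc:hotp"

# Constructed sample: one HOTP key transported in the clear (<PlainValue>).
SAMPLE_PSKC = """<?xml version="1.0" encoding="UTF-8"?>
<KeyContainer Version="1.0" Id="exampleID1"
              xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
  <KeyPackage>
    <DeviceInfo>
      <Manufacturer>Manufacturer</Manufacturer>
      <SerialNo>987654321</SerialNo>
    </DeviceInfo>
    <Key Id="12345678" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
      <AlgorithmParameters>
        <ResponseFormat Length="8" Encoding="DECIMAL"/>
      </AlgorithmParameters>
      <Data>
        <Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret>
        <Counter><PlainValue>0</PlainValue></Counter>
      </Data>
    </Key>
  </KeyPackage>
</KeyContainer>
"""

# Same container with the secret tagged as <EncryptedValue>; the parser must
# refuse it rather than treat the ciphertext as the key (constructed sample).
ENCRYPTED_PSKC = SAMPLE_PSKC.replace(
    "<Secret><PlainValue>", "<Secret><EncryptedValue>").replace(
    "</PlainValue></Secret>", "</EncryptedValue></Secret>")


def _q(tag):
    """Namespace-qualify a PSKC element name for ElementTree lookups."""
    return "{%s}%s" % (PSKC_NS, tag)


def _plain_value(data_el, name):
    """Text of <Data>/<name>/<PlainValue>, or None if <name> is absent.
    Only PlainValue is handled; an EncryptedValue is rejected explicitly."""
    el = data_el.find(_q(name))
    if el is None:
        return None
    if el.find(_q("EncryptedValue")) is not None:
        raise ValueError("%s is encrypted; only PlainValue is handled" % name)
    pv = el.find(_q("PlainValue"))
    if pv is None or pv.text is None:
        raise ValueError("%s carries no PlainValue" % name)
    return pv.text.strip()


def parse_pskc(xml_text):
    """Return one dict per <Key>: id, algorithm URI, raw secret, counter, digits."""
    root = ET.fromstring(xml_text)
    if root.tag != _q("KeyContainer"):
        raise ValueError("root element is not a PSKC KeyContainer")
    keys = []
    for key in root.iter(_q("Key")):
        key_id = key.get("Id")
        data = key.find(_q("Data"))
        if data is None:
            raise ValueError("Key %s has no <Data>" % key_id)
        # This example insists on ResponseFormat/@Length for every key.
        rf = key.find(_q("AlgorithmParameters") + "/" + _q("ResponseFormat"))
        if rf is None or rf.get("Length") is None:
            raise ValueError("Key %s lacks ResponseFormat/@Length" % key_id)
        secret_b64 = _plain_value(data, "Secret")
        if secret_b64 is None:
            raise ValueError("Key %s has no <Secret>" % key_id)
        counter = _plain_value(data, "Counter")
        keys.append({
            "id": key_id,
            "algorithm": key.get("Algorithm"),
            "secret": base64.b64decode(secret_b64),
            "counter": None if counter is None else int(counter),
            "digits": int(rf.get("Length")),
        })
    return keys


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte big-endian counter, dynamic
    truncation, then reduction to `digits` decimal digits."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def otps_from_container(xml_text):
    """Map each HOTP key Id in the container to the OTP for its stored counter."""
    out = {}
    for k in parse_pskc(xml_text):
        if k["algorithm"] != HOTP_ALG or k["counter"] is None:
            continue
        out[k["id"]] = hotp(k["secret"], k["counter"], k["digits"])
    return out


if __name__ == "__main__":
    print(otps_from_container(SAMPLE_PSKC))  # {'12345678': '84755224'}
```

With the RFC 4226 secret and counter 0 the 8-digit response is 84755224 (the 6-digit value 755224 from the RFC 4226 test table is its low-order part), which is a quick way to confirm that a PSKC file and the token it was provisioned to agree. The same parse is the natural place for a validating importer to enforce the container's own rules, such as which Algorithm URIs it is willing to accept.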

From simon@yubico.com  Thu Nov 11 09:34:27 2010
Return-Path: <simon@yubico.com>
X-Original-To: keyprov@core3.amsl.com
Delivered-To: keyprov@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 426A73A6A7D for <keyprov@core3.amsl.com>; Thu, 11 Nov 2010 09:34:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zv1uuE5a0Upy for <keyprov@core3.amsl.com>; Thu, 11 Nov 2010 09:34:21 -0800 (PST)
Received: from mail-ew0-f44.google.com (mail-ew0-f44.google.com [209.85.215.44]) by core3.amsl.com (Postfix) with ESMTP id 9F66B3A6909 for <keyprov@ietf.org>; Thu, 11 Nov 2010 09:34:19 -0800 (PST)
Received: by ewy27 with SMTP id 27so1338303ewy.31 for <keyprov@ietf.org>; Thu, 11 Nov 2010 09:34:49 -0800 (PST)
Received: by 10.213.17.13 with SMTP id q13mr1190101eba.65.1289496888015; Thu, 11 Nov 2010 09:34:48 -0800 (PST)
Received: from latte.josefsson.org (c80-216-27-64.bredband.comhem.se [80.216.27.64]) by mx.google.com with ESMTPS id v56sm2158945eeh.14.2010.11.11.09.34.45 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 11 Nov 2010 09:34:46 -0800 (PST)
X-Hashcash: 1:22:101111:keyprov@ietf.org::lwEbHWQoHHnaJMlx:QVkC
From: Simon Josefsson <simon@yubico.com>
To: keyprov@ietf.org
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
Date: Thu, 11 Nov 2010 18:34:56 +0100
Message-ID: <87pqubg3wf.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: [KEYPROV] draft-josefsson-keyprov-pskc-yubikey-00.txt
X-List-Received-Date: Thu, 11 Nov 2010 17:34:27 -0000

Folks,

I want to draw your attention to the document announced below that
specifies a PSKC profile for the YubiKey.  It makes use of the Extensions
capability in RFC 6030, which I have not seen used elsewhere before.  I
will be grateful for any feedback and review of the document before I
seek a sponsoring AD for publication.  The examples are validated
according to the PSKC schema, but there could be other concerns.

Thanks,
/Simon

Internet-Drafts@ietf.org writes:

> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>
> 	Title           : Yubico YubiKey Portable Symmetric Key Container (PSKC) Profile
> 	Author(s)       : S. Josefsson
> 	Filename        : draft-josefsson-keyprov-pskc-yubikey-00.txt
> 	Pages           : 8
> 	Date            : 2010-11-11
>
> This document specifies how to provision the YubiKey using the Portable
> Symmetric Key Container (PSKC) format.  The YubiKey is a small
> portable device that generates One-Time-Passwords.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-josefsson-keyprov-pskc-yubikey-00.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.

From anders.rundgren@telia.com  Fri Nov 12 23:35:45 2010
Return-Path: <anders.rundgren@telia.com>
X-Original-To: keyprov@core3.amsl.com
Delivered-To: keyprov@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9C8F13A69F3 for <keyprov@core3.amsl.com>; Fri, 12 Nov 2010 23:35:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.166
X-Spam-Level: 
X-Spam-Status: No, score=-2.166 tagged_above=-999 required=5 tests=[AWL=-1.167, BAYES_50=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F-0a0oT2xjyC for <keyprov@core3.amsl.com>; Fri, 12 Nov 2010 23:35:44 -0800 (PST)
Received: from smtp-out12.han.skanova.net (smtp-out12.han.skanova.net [195.67.226.212]) by core3.amsl.com (Postfix) with ESMTP id 7BE583A69D5 for <keyprov@ietf.org>; Fri, 12 Nov 2010 23:35:44 -0800 (PST)
Received: from [192.168.0.201] (81.232.45.215) by smtp-out12.han.skanova.net (8.5.124.10) (authenticated as u36408181) id 4C7E0D49016583B0; Sat, 13 Nov 2010 08:36:18 +0100
Message-ID: <4CDE3FF1.2010103@telia.com>
Date: Sat, 13 Nov 2010 08:36:17 +0100
From: Anders Rundgren <anders.rundgren@telia.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: KEYPROV <keyprov@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [KEYPROV] Open Software is NOT the answer
X-List-Received-Date: Sat, 13 Nov 2010 07:35:45 -0000

Or to be more correct.  Open Source is quite important for establishing new
technology but it is not enough for establishing something "KEYPROV-ish".

Why is that?  Because a provisioning protocol to be useful must be
connected to a container and here we have a bunch of problems,
particularly with respect to hardware devices.  My own work in this
space has been considerably crippled by the requirements of signed
NDAs for just getting a data-sheet for suitable security hardware.

If you publish software that operates with such a device, you are actually
violating the NDA!

The solution as I see it is developing new stuff using standard electronics
and publishing that as Open Security Hardware.  For true smart card
connoisseurs this probably sounds like a pretty bad idea.

However, it might very well prove to be the opposite because it allows you
to create a market for "de-luxe" tokens meeting stringent certifications, as
well as for low-cost dittos that you can buy at "Wal-Mart", while still
powered by the same protocols and middleware.  It is all about reaching
the critical mass of adoption, isn't it?

The vendors (of course) do not have to publish anything; they would use
the Open Security Hardware as a reference; they may even contribute to
that part with additional tests since this part is quite important, but also
boring and time-consuming.

Another advantage with using standard electronics is that you can get
away from the Wassenaar agreement because the low-cost version can
be manufactured everywhere, including by countries that do not respect
international crypto export laws.  The latter are quite dubious anyway:
nowadays terrorists are legal residents and can buy (or download)
whatever they want.

Anders

From anders.rundgren@telia.com  Sun Nov 14 05:59:21 2010
Return-Path: <anders.rundgren@telia.com>
X-Original-To: keyprov@core3.amsl.com
Delivered-To: keyprov@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 27C693A6962 for <keyprov@core3.amsl.com>; Sun, 14 Nov 2010 05:59:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.473
X-Spam-Level: 
X-Spam-Status: No, score=-2.473 tagged_above=-999 required=5 tests=[AWL=-0.363, BAYES_05=-1.11, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bc62buqYBn73 for <keyprov@core3.amsl.com>; Sun, 14 Nov 2010 05:59:15 -0800 (PST)
Received: from smtp-out21.han.skanova.net (smtp-out21.han.skanova.net [195.67.226.208]) by core3.amsl.com (Postfix) with ESMTP id D0DD53A6A46 for <keyprov@ietf.org>; Sun, 14 Nov 2010 05:59:13 -0800 (PST)
Received: from [192.168.0.201] (81.232.45.215) by smtp-out21.han.skanova.net (8.5.124.10) (authenticated as u36408181) id 4C7E106501D5F277; Sun, 14 Nov 2010 14:59:51 +0100
Message-ID: <4CDFEB56.9010704@telia.com>
Date: Sun, 14 Nov 2010 14:59:50 +0100
From: Anders Rundgren <anders.rundgren@telia.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: KEYPROV <keyprov@ietf.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [KEYPROV] Standardization effort: Public Keys in JSON
X-List-Received-Date: Sun, 14 Nov 2010 13:59:21 -0000

Apparently the research branches of Microsoft and Google have begun losing
faith in X.509 as well as in XML for large-scale deployments on the web:

http://self-issued.info/?p=390

Personally, I do not see how a format can change the basic issues that much.

Sometimes I get the feeling that people are getting desperate about the [admittedly]
limited progress in this space but fail to see that this is mainly due to the
fact that you need to get a much wider bunch of people on board than your
average security standard effort requires, like:

- Browser developers
- Platform architects
- Hardware device vendors and experts
- Usability connoisseurs
- Privacy advocates (well....)
- Protocol designers
- Product managers
- Potential users

If you multiply this list by N number of fierce competitors, obsessed with IPR
and powered by NIH, it is pretty easy to see that it is a lost case from day #1.

That doesn't imply that nothing will ever happen; something will surely happen
but it won't be through traditional standardization processes because these have
proven [over and over again] to not "deliver".

Anders


From anders.rundgren@telia.com  Sat Nov 20 05:45:38 2010
Return-Path: <anders.rundgren@telia.com>
X-Original-To: keyprov@core3.amsl.com
Delivered-To: keyprov@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 41DAA28C0ED for <keyprov@core3.amsl.com>; Sat, 20 Nov 2010 05:45:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.881
X-Spam-Level: 
X-Spam-Status: No, score=-1.881 tagged_above=-999 required=5 tests=[AWL=-0.882, BAYES_50=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T09Jj3UB-cc5 for <keyprov@core3.amsl.com>; Sat, 20 Nov 2010 05:45:35 -0800 (PST)
Received: from smtp-out21.han.skanova.net (smtp-out21.han.skanova.net [195.67.226.208]) by core3.amsl.com (Postfix) with ESMTP id 6604E28C0D0 for <keyprov@ietf.org>; Sat, 20 Nov 2010 05:45:34 -0800 (PST)
Received: from [192.168.0.201] (81.232.45.215) by smtp-out21.han.skanova.net (8.5.124.10) (authenticated as u36408181) id 4C7E106501FF78E2; Sat, 20 Nov 2010 14:46:24 +0100
Message-ID: <4CE7D12E.6030002@telia.com>
Date: Sat, 20 Nov 2010 14:46:22 +0100
From: Anders Rundgren <anders.rundgren@telia.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: KEYPROV <keyprov@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [KEYPROV] On-line provisioning of SIMs
X-List-Received-Date: Sat, 20 Nov 2010 13:45:38 -0000

http://www.gsmworld.com/newsroom/press-releases/2010/5726.htm

As I have said a million times before, on-line provisioning of HW tokens
is the future.

How does DSKPP fit SIMs?  As far as I can tell DSKPP does not support
E2ES (End To End Security) as specified by GlobalPlatform.

So it seems that a *new* quest for a provisioning protocol is here!

My take on this subject is (still...) that since HW tokens with few
exceptions are firmware-based, you might as well define the protocol
and the container in one step.  Many containers will in fact allow
field upgrades of the firmware, making such schemes better match
the current computing paradigm where you automagically get a major
mobile OS upgrade every 4-6 months.

Getting a unified driver as a "side-effect" isn't that bad either;
who (in their right mind...) *likes* smart card middleware?

What may not be entirely obvious is that there is no need to change
existing applications or cryptographic APIs if you consider on-line
provisioning as a distinct new task, having its own API.  "Don't fix
things that aren't broken" has been an engineer's motto since ages back!

thanx,
Anders

