[Ietf-keyprov] RE: [oasis-charter-discuss] EKMI

Hallam-Baker, Phillip pbaker at verisign.com
Sun Nov 19 08:08:47 CST 2006 

It was suggested that some people might be misled by the use of certain language. "Some might be misled into thinking that 3DES/AES keys are being provisioned by the Provisioning System for general use by business applications, "

I pointed out that standards are not tutorials. So the fact that people who are unfamiliar with the standard terminology of the field might misinterpret the charter is not relevant. 


I suggest that you modulate your own tone and retract your accusations immediately.


> -----Original Message-----
> From: John Messing [mailto:jmessing at law-on-line.com] 
> Sent: Sunday, November 19, 2006 8:43 AM
> To: Hallam-Baker, Phillip
> Cc: oasis-charter-discuss at lists.oasis-open.org; 
> ietf-keyprov at safehaus.org; June Leung; Terwilliger,Ann; Davi 
> Ottenheimer; ken at adler.net; Arshad Noor
> Subject: RE: [oasis-charter-discuss] EKMI
> 
> All:
> 
> I personally dislike bullies, whether street thugs or the 
> intellectually effete. Please modulate your tone and comments 
> accordingly.
> 
> Thank you.
> 
> 
> > -------- Original Message --------
> > Subject: RE: [oasis-charter-discuss] EKMI
> > From: "Hallam-Baker, Phillip" <pbaker at verisign.com>
> > Date: Sat, November 18, 2006 8:03 pm
> > To: "Arshad Noor" <arshad.noor at strongauth.com>
> > Cc: <oasis-charter-discuss at lists.oasis-open.org>,
> > <ietf-keyprov at safehaus.org>, "June Leung" 
> <June.Leung at FundServ.com>, 
> > "Terwilliger, Ann" <aterwil at visa.com>, "John Messing"
> > <jmessing at law-on-line.com>, "Davi Ottenheimer" <davi at poetry.org>, 
> > <ken at adler.net>
> > 
> > > From: Arshad Noor [mailto:arshad.noor at strongauth.com]
> > 
> > > The confusion between the WG and TC charters arises 
> because of the 
> > > industry's (sometimes misguided) notion for referring to 
> the "shared 
> > > secrets" of authentication credentials as "symmetric 
> keys" - which 
> > > is similar to the term used by cryptographers when referring to 
> > > encryption/decryption keys used with symmetric ciphers.
> > 
> > The use of the term symmetric key to refer to a MAC key is 
> the accepted term in the field.
> > 
> > There are several proposed MAC modes for AES and there are 
> several composite encryption/authentication modes for block ciphers.
> > 
> > 
> > > In addition, the use of such algorithms (3DES, AES) and
> > > symmetric- encryption keys by the KEYPROV protocols to 
> protect the 
> > > "shared credential secret" during provisioning, adds to the 
> > > confusion.
> > > Some might be misled into thinking that 3DES/AES keys are being 
> > > provisioned by the Provisioning System for general use by 
> business 
> > > applications, as opposed to the use of those symmetric encryption 
> > > keys by the Provisioning System and the Credential Container for 
> > > securely transporting the credential-secret between the two.
> > 
> > Such misperceptions are not a concern. It is not our job to 
> give people tutorials in network protocol design.
> 
> 
>

More information about the Ietf-keyprov mailing list