[Ietf-keyprov] RE: KeyProv Scope

Hallam-Baker, Phillip pbaker at verisign.com
Mon Nov 20 12:09:43 CST 2006 

I am not quite sure what you are arguing for here or whether you are arguing for something to be in or out of scope.
 
Could you clarify whether you are proposing something you want to do or something you think people might want to do but should not?
 
One would hope that the key once provisioned would remain in the device regardless of application. This is not always possible to guarantee (secure hardware, etc.) but generally one would expect it to be provisioned to one device and stay there and if you needed a key in a different device provision to that device.
 
Once provisioned the scope of KEYPROV ends. Whether they are used for symmetric key authentication tokens (e.g. OTP, challenge/response) or DNSSEC or BGPSEC or whatever is not in scope for the protocol except insofar as the only clearly defined deployment community to date is for symmetric key authentication tokens.
 
 
The way I see it there is a big difference between a key provisioning protocol and a key exchange protocol like Kerberos, WS-SecureConversation, IKE etc. In a key exchange protocol your starting point is some pre-established set of keys. In a provisioning protocol the point is to establish those keys.
 
While you could use a sufficiently general provisioning protocol to do all your key provisioning and key exchange needs I don't think that makes a lot of sense. We have good key exchange protocols and these are already well defined as is their relationship to the applications that employ them. 
 
I don't see a need to repeat that work, but I don't see a need to come out with an explicit statement that the KEYPROV protocol must not be used in that situation or worse that we be required to design KEYPROV in such a way as to prevent it from being used in that fashion. I don't expect that last one to come up in KEYPROV but I have seen it come up in the past.
 
 
The point at this time is to focus on the charter, not the use cases. If there is a rat hole that must be avoided then it would be appropriate to mention that in the charter. If on the other hand the concern is that people might do something unfortunate with the final result that would be appropriate for an applicability statement or a security considerations. A charter is not a tutorial, it is a Statement Of Work intended to be read by a very specific audience. 
 


________________________________

	From: Shanmugam, Murugaraj [mailto:murugaraj.shanmugam at siemens.com] 
	Sent: Monday, November 20, 2006 3:48 AM
	To: ietf-keyprov at safehaus.org
	Cc: Hallam-Baker, Phillip
	Subject: KeyProv Scope
	
	

	Hi, 

	I have a few questions relsted to the scope of KeyProv: 

	1. If a user obtains a symmetric key using the "KeyProv" protocol, is it possible to use only within the device (say, S/Ws running) or is it intended to use with other Application Services (e.g., a third party service via the Internet)? (of course assuming appropriate relationship between the Provisioning server and the TTP).

	2. If the later applies, will the "KeyProv" handle the protocol, between the TTP and the provisioning server, which faciliates the verification?

	Thanks 

	Ciao, 
	Raj. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.safehaus.org/pipermail/ietf-keyprov/attachments/20061120/9e447ffa/attachment.html

More information about the Ietf-keyprov mailing list