Portable Symmetric Key Container (PSKC)
draft-ietf-keyprov-pskc-09
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
09 | (System) | post-migration administrative database adjustment to the No Objection position for Sean Turner |
2012-08-22
|
09 | (System) | post-migration administrative database adjustment to the No Objection position for Russ Housley |
2010-09-20
|
09 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2010-09-20
|
09 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2010-09-20
|
09 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2010-09-09
|
09 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2010-09-09
|
09 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2010-09-01
|
09 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2010-09-01
|
09 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2010-08-19
|
09 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2010-08-05
|
09 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2010-08-04
|
09 | (System) | IANA Action state changed to In Progress |
2010-08-04
|
09 | Cindy Morgan | IESG state changed to Approved-announcement sent |
2010-08-04
|
09 | Cindy Morgan | IESG has approved the document |
2010-08-04
|
09 | Cindy Morgan | Closed "Approve" ballot |
2010-08-04
|
09 | Cindy Morgan | State Changes to Approved-announcement to be sent from Waiting for AD Go-Ahead by Cindy Morgan |
2010-08-02
|
09 | (System) | New version available: draft-ietf-keyprov-pskc-09.txt |
2010-08-02
|
09 | Alexey Melnikov | [Ballot Position Update] Position for Alexey Melnikov has been changed to No Objection from Discuss by Alexey Melnikov |
2010-08-02
|
09 | Alexey Melnikov | [Ballot comment] : This element indicates the manufacturer of the device. Values for Manufacturer SHOULD be taken from either … [Ballot comment] : This element indicates the manufacturer of the device. Values for Manufacturer SHOULD be taken from either [OATHMAN] prefixes (i.e., the left column) or they SHOULD be taken from IANA Private Enterprise Number Registry [IANAPENREG], using the Organisation value. Having 2 SHOULDs is not quite correct, as this might be interpreted that a third registry can be used here. When the value is taken from [OATHMAN] "oath." MUST be prepended to the value (e.g. "oath."). When the value is taken from [IANAPENREG] "iana." MUST be prepended to the value (e.g. "iana."). Is the registry described by [OATHMAN] Open and contains stable information? |
2010-08-02
|
09 | Alexey Melnikov | [Ballot discuss] |
2010-08-02
|
08 | (System) | New version available: draft-ietf-keyprov-pskc-08.txt |
2010-06-29
|
09 | Sean Turner | [Ballot Position Update] Position for Sean Turner has been changed to No Objection from Discuss by Sean Turner |
2010-06-29
|
09 | Alexey Melnikov | [Ballot comment] Is the registry described by [OATHMAN] Open and contains stable information? |
2010-06-29
|
09 | Alexey Melnikov | [Ballot discuss] This is a fine document, however I have one remaining issue I would like to discuss before recommending approval of this document: 2) … [Ballot discuss] This is a fine document, however I have one remaining issue I would like to discuss before recommending approval of this document: 2) 4.2.1. Element: Unique Device Identification : This element indicates the manufacturer of the device. Values for Manufacturer SHOULD be taken from either [OATHMAN] prefixes (i.e., the left column) To double check - did you mean the two character alphanumeric codes? or they SHOULD be taken from IANA Private Enterprise Number Registry [IANAPENREG], using the Organisation value. Having pointers to 2 registries which might contain clashing names is the worst combination possible. If you don't believe you can ever have a clash, this should be clarified in the document. Otherwise I would advise you define a unique prefix for at least one of the registries. For example, you can use the following values in the element: iana. and oathman. One prefix can be eliminated, if it can never occur in the other registry. |
2010-06-28
|
09 | Peter Saint-Andre | [Ballot discuss] |
2010-06-28
|
09 | Peter Saint-Andre | [Ballot Position Update] Position for Peter Saint-Andre has been changed to No Objection from Discuss by Peter Saint-Andre |
2010-06-28
|
07 | (System) | New version available: draft-ietf-keyprov-pskc-07.txt |
2010-06-09
|
09 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2010-06-04
|
09 | Amanda Baber | IANA comments: The actions don't appear to have changed since the first Last Call, but the document still needs to indicate that the PSKC Algorithm … IANA comments: The actions don't appear to have changed since the first Last Call, but the document still needs to indicate that the PSKC Algorithm Profiles registry should include both HOTP and KEYPROV-PIN. |
2010-06-01
|
09 | Peter Saint-Andre | [Ballot comment] |
2010-06-01
|
09 | Peter Saint-Andre | [Ballot discuss] 1. [Addressed in -06.] 2. No guidance is provided about how to ensure that the 'Id' attribute is globally unique. To help ensure … [Ballot discuss] 1. [Addressed in -06.] 2. No guidance is provided about how to ensure that the 'Id' attribute is globally unique. To help ensure interoperability, a reference to RFC 4122 might be in order. 3. The syntax of the element is unspecified. In general, the Internet Date/Time Format specified in RFC 3339 is preferred, but any profile of ISO 8601 is probably acceptable as long as it is clearly specified to ensure interoperability. The same considerations apply to the and elements. 4. [Clarified via email, no changes to spec.] 5. [Addressed in -06.] 6. No guidance is provided regarding when to increment the version number, nor regarding the significance of major and minor versions. You might be able to borrow some text from Section 4.4.1 of RFC 3920 or some other specification. 7. [Addressed in -06.] 8. [Addressed in -06.] 9. Section 13.1 refers to "transport layer security" but does not provide a reference to RFC5246 or alternate approaches. Also, is any technology that provides a secure channel between the source secure perimeter and the target perimeter acceptable? |
2010-05-26
|
09 | Amy Vezza | Last call sent |
2010-05-26
|
09 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2010-05-26
|
09 | Tim Polk | Last Call was requested by Tim Polk |
2010-05-26
|
09 | Tim Polk | State Changes to Last Call Requested from IESG Evaluation::AD Followup by Tim Polk |
2010-05-26
|
09 | Alexey Melnikov | [Ballot comment] 13.1. Payload Confidentiality Practical implementations should use PBESalt and PBEIterationCount when PBE encryption is used. Different PBESalt value per key … [Ballot comment] 13.1. Payload Confidentiality Practical implementations should use PBESalt and PBEIterationCount when PBE encryption is used. Different PBESalt value per key container should be used for best protection. This is the first time PBE is mentioned in the document, so the acronym needs expanding and a reference is needed. |
2010-05-26
|
09 | Alexey Melnikov | [Ballot discuss] This is a fine document, however I have a list of issues I would like to discuss before recommending approval of this document: … [Ballot discuss] This is a fine document, however I have a list of issues I would like to discuss before recommending approval of this document: 2) 4.2.1. Element: Unique Device Identification : This element indicates the manufacturer of the device. Values for Manufacturer SHOULD be taken from [OATHMAN] DISCUSS DISCUSS: I want to make sure that this registry is Open and contains stable information. 4) 12.4. PSKC Algorithm Profile Registry Algorithm Definition: A reference to the stable document in which the algorithm being used with the PSKC is defined. Is this field required? If yes, you should change the registration procedure to "Specification Required" (which implies "Expert Review"). Similar issue in Section 12.6. 6) 4.1. : Embedding Keying Material and Key Related Information The element has a number of optional child elements. An initial set is described below: [...] : A human readable name for the secret key for easier reference. This element serves informational purposes only. This field seems to be human readable, so I think BCP 18 (RFC 2277), Section 4.2 applies. So this would need ability to have a language tag, most likely using the xml:lang attribute. You should also specify the default language, if not specified (suggest "en"). (Note that if this field is an identifier, then no language tag is needed.) You can find a bit more information on <> |
2010-05-25
|
09 | Russ Housley | [Ballot Position Update] Position for Russ Housley has been changed to No Objection from Discuss by Russ Housley |
2010-05-25
|
09 | Alexey Melnikov | [Ballot comment] 13.1. Payload Confidentiality Practical implementations should use PBESalt and PBEIterationCount when PBE encryption is used. Different PBESalt value per key … [Ballot comment] 13.1. Payload Confidentiality Practical implementations should use PBESalt and PBEIterationCount when PBE encryption is used. Different PBESalt value per key container should be used for best protection. This is the first time PBE is mentioned in the document, so the acronym needs expanding and a reference is needed. |
2010-05-25
|
09 | Alexey Melnikov | [Ballot discuss] This is a fine document, however I have a list of issues I would like to discuss before recommending approval of this document: … [Ballot discuss] This is a fine document, however I have a list of issues I would like to discuss before recommending approval of this document: 2) 4.2.1. Element: Unique Device Identification : This element indicates the manufacturer of the device. DISCUSS DISCUSS: Is there any IANA registry that can be recommended for use in this field? 4) 12.4. PSKC Algorithm Profile Registry Algorithm Definition: A reference to the stable document in which the algorithm being used with the PSKC is defined. Is this field required? If yes, you should change the registration procedure to "Specification Required" (which implies "Expert Review"). Similar issue in Section 12.6. PSKC algorithm profile identifier registrations are to be subject to Expert Review as per RFC 5226 [RFC5226]. Updates can be provided based on expert approval only. Based on expert approval, it is possible to mark entries as "deprecated". (Comment) I would recommend adding this as a field to the registration template. 6) 4.1. : Embedding Keying Material and Key Related Information The element has a number of optional child elements. An initial set is described below: [...] : A human readable name for the secret key for easier reference. This element serves informational purposes only. This field seems to be human readable, so I think BCP 18 (RFC 2277), Section 4.2 applies. So this would need ability to have a language tag, most likely using the xml:lang attribute. You should also specify the default language, if not specified (suggest "en"). (Note that if this field is an identifier, then no language tag is needed.) You can find a bit more information on <> |
2010-05-14
|
09 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2010-05-14
|
06 | (System) | New version available: draft-ietf-keyprov-pskc-06.txt |
2010-05-07
|
09 | (System) | Removed from agenda for telechat - 2010-05-06 |
2010-05-06
|
09 | Cindy Morgan | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Cindy Morgan |
2010-05-06
|
09 | Amy Vezza | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Amy Vezza |
2010-05-06
|
09 | Russ Housley | [Ballot comment] Typo: s/MAC-Based One Time Password/HMAC-Based One Time Password/ |
2010-05-06
|
09 | Russ Housley | [Ballot discuss] It is not always obvious which elements are mandtory or optional, especially when optional elements have mandatory child elements. The examples … [Ballot discuss] It is not always obvious which elements are mandtory or optional, especially when optional elements have mandatory child elements. The examples and recommended values help, but something more crisp would be very helpful. In Section 3, what portions of this section are mandatory in the Container? In Figure 1, it is clear that is optional; however; it is not clear if all the child elements are mandatory. In Section 4.2.1, says that "certain child elements of the element MUST be included in order to uniquely identify a device." Yet it us not clear which elements are mandatory to included. |
2010-05-06
|
09 | Russ Housley | [Ballot Position Update] Position for Russ Housley has been changed to Discuss from No Objection by Russ Housley |
2010-05-06
|
09 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
2010-05-06
|
09 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko |
2010-05-06
|
09 | Sean Turner | [Ballot discuss] #1) This is a placeholder DISCUSS. Awaiting response to SECDIR review: http://www.ietf.org/mail-archive/web/secdir/current/msg01660.html |
2010-05-06
|
09 | Sean Turner | [Ballot Position Update] New position, Discuss, has been recorded by Sean Turner |
2010-05-06
|
09 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded by Adrian Farrel |
2010-05-06
|
09 | Adrian Farrel | [Ballot comment] I'm going to mutter about IPR again rom a feeling of disquiet rather than any evidence that there is something wrong. This I-D … [Ballot comment] I'm going to mutter about IPR again rom a feeling of disquiet rather than any evidence that there is something wrong. This I-D seems to combine some of the IPR issues from draft-ietf-keyprov-dskpp and draft-ietf-keyprov-symmetrickeyformat It looks from the proto-write-up that the filed disclosures were notified to the WG but resulted in no discussion. So maybe that's OK The reference to the Luhn patent is probably covered by the fact that it is very old, but maybe should be a stable reference. |
2010-05-06
|
09 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded by Gonzalo Camarillo |
2010-05-05
|
09 | Alexey Melnikov | [Ballot comment] 13.1. Payload Confidentiality Practical implementations should use PBESalt and PBEIterationCount when PBE encryption is used. Different PBESalt value per key … [Ballot comment] 13.1. Payload Confidentiality Practical implementations should use PBESalt and PBEIterationCount when PBE encryption is used. Different PBESalt value per key container should be used for best protection. This is the first time PBE is mentioned in the document, so the acronym needs expanding and a reference is needed. |
2010-05-05
|
09 | Alexey Melnikov | [Ballot discuss] This is a fine document, however I have a list of issues I would like to discuss before recommending approval of this document: … [Ballot discuss] This is a fine document, however I have a list of issues I would like to discuss before recommending approval of this document: 1) 4.1. : Embedding Keying Material and Key Related Information : This element carries the time interval value for time based OTP algorithms. What is the resolution for this element? 2) 4.2.1. Element: Unique Device Identification : This element indicates the manufacturer of the device. DISCUSS DISCUSS: Is there any IANA registry that can be recommended for use in this field? 3) 4.2.4. Element: Supplementary Information for OTP and CR Algorithms 'Encoding': This attribute, which MUST be included, defines the encoding of the challenge accepted by the device and MUST be one of the following values: BASE64 Base 64 encoded This needs a proper reference, for example "Base 64 encoded as defined in Section 4 of [RFC4648]". 4) 12.4. PSKC Algorithm Profile Registry Algorithm Definition: A reference to the stable document in which the algorithm being used with the PSKC is defined. Is this field required? If yes, you should change the registration procedure to "Specification Required" (which implies "Expert Review"). Similar issue in Section 12.6. PSKC algorithm profile identifier registrations are to be subject to Expert Review as per RFC 5226 [RFC5226]. Updates can be provided based on expert approval only. Based on expert approval, it is possible to mark entries as "deprecated". (Comment) I would recommend adding this as a field to the registration template. 5) 16.2. Informative References [AESKWPAD] Housley, R. and M. Dworkin, "Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm", March 2009, . It looks like this reference is Normative (Referenced in a sentence using "RECOMMENDED" RFC 2119 keyword). [HOTP] MRaihi, D., Bellare, M., Hoornaert, F., Naccache, D., and O. Ranen, "HOTP: An HMAC-Based One Time Password Algorithm", RFC 4226, December 2005. This reference is Normative due to Section 10.1. [LUHN] Luhn, H., "Luhn algorithm", US Patent 2950048, August 1960, . This should be a Normative reference. It also needs to be more stable. (See IETF LC discussion on draft-ietf-keyprov-symmetrickeyformat-08.txt) 6) 4.1. : Embedding Keying Material and Key Related Information The element has a number of optional child elements. An initial set is described below: [...] : A human readable name for the secret key for easier reference. This element serves informational purposes only. This field seems to be human readable, so I think BCP 18 (RFC 2277), Section 4.2 applies. So this would need ability to have a language tag, most likely using the xml:lang attribute. You should also specify the default language, if not specified (suggest "en"). (Note that if this field is an identifier, then no language tag is needed.) You can find a bit more information on <> |
2010-05-05
|
09 | Robert Sparks | [Ballot Position Update] New position, No Objection, has been recorded by Robert Sparks |
2010-05-05
|
09 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica |
2010-05-04
|
09 | Peter Saint-Andre | [Ballot comment] 1. I must be missing something, but where exactly in this specification is the KEYPROV-PIN algorithm defined? I see it mentioned only in … [Ballot comment] 1. I must be missing something, but where exactly in this specification is the KEYPROV-PIN algorithm defined? I see it mentioned only in the IANA considerations. 2. I have not yet had a chance to review the XML schema but will do so as soon as possible. |
2010-05-04
|
09 | Peter Saint-Andre | [Ballot discuss] 1. The defined and referenced identifiers are described as URIs of the form xmlns:foo="someUri" and each identifier specifies a prefix such as "foo". … [Ballot discuss] 1. The defined and referenced identifiers are described as URIs of the form xmlns:foo="someUri" and each identifier specifies a prefix such as "foo". For example: The XML namespace [XMLNS] URI for Version 1.0 of PSKC is: xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" References to qualified elements in the PSKC schema defined herein use the prefix "pskc". The URI here is "urn:ietf:params:xml:ns:keyprov:pskc" without the "xmlns:pskc=" preceding the URI so to reduce confusion it would be best to include only the URI. Also, is the prefix "pskc" hardcoded, or are developers allowed to use any prefix? The point of XML namespaces was not to hardcode prefixes, so it would be best to say that the "pskc" prefix is used in examples here but any prefix is allowed. 2. No guidance is provided about how to ensure that the 'Id' attribute is globally unique. To help ensure interoperability, a reference to RFC 4122 might be in order. 3. The syntax of the element is unspecified. In general, the Internet Date/Time Format specified in RFC 3339 is preferred, but any profile of ISO 8601 is probably acceptable as long as it is clearly specified to ensure interoperability. The same considerations apply to the and elements. 4. Does the child element apply to literally all children of the element? How will implementations interoperate if, say, the element or element is encrypted? Will the need to decrypt such elements introduce additional processing requirements and the possibility of denial of service? 5. No guidance is provided regarding values for 'MaxFailedAttempts'; for example, a reasonable number of retries might be at least 2 and no more than 5. 6. No guidance is provided regarding when to increment the version number, nor regarding the significance of major and minor versions. You might be able to borrow some text from Section 4.4.1 of RFC 3920 or some other specification. 7. The security considerations in the content-type registration for 'application/pskc+xml' need to reference this specification because otherwise they are minimal at best. 8. The PSKC Algorithm Registry template says that algorithms are identified by URNs; are URIs not allowed? If not, why not? 9. Section 13.1 refers to "transport layer security" but does not provide a reference to RFC5246 or alternate approaches. Also, is any technology that provides a secure channel between the source secure perimeter and the target perimeter acceptable? |
2010-05-04
|
09 | Peter Saint-Andre | [Ballot Position Update] New position, Discuss, has been recorded by Peter Saint-Andre |
2010-05-04
|
09 | Russ Housley | [Ballot comment] It is not always obvious which elements are mandtory or optional, especially when optional elements have mandatory child elements. The examples … [Ballot comment] It is not always obvious which elements are mandtory or optional, especially when optional elements have mandatory child elements. The examples and recommended values help, but something more crisp would be very helpful. In Section 3, what portions of this section are mandatory in the Container? In Figure 1, it is clear that is optional; however; it is not clear if all the child elements are mandatory. In Section 4.2.1, says that "certain child elements of the element MUST be included in order to uniquely identify a device." Yet it us not clear which elements are mandatory to included. Typo: s/MAC-Based One Time Password/HMAC-Based One Time Password/ |
2010-05-04
|
09 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley |
2010-05-04
|
09 | Sam Weiler | Request for Last Call review by SECDIR Completed. Reviewer: Vincent Roca. |
2010-05-02
|
09 | Alexey Melnikov | [Ballot comment] 13.1. Payload Confidentiality Practical implementations should use PBESalt and PBEIterationCount when PBE encryption is used. Different PBESalt value per key … [Ballot comment] 13.1. Payload Confidentiality Practical implementations should use PBESalt and PBEIterationCount when PBE encryption is used. Different PBESalt value per key container should be used for best protection. This is the first time PBE is mentioned in the document, so the acronym needs expanding and a reference is needed. |
2010-05-02
|
09 | Alexey Melnikov | [Ballot discuss] This is a fine document, however I have a list of issues I would like to discuss before recommending approval of this document: … [Ballot discuss] This is a fine document, however I have a list of issues I would like to discuss before recommending approval of this document: 1) 4.1. : Embedding Keying Material and Key Related Information : This element carries the time interval value for time based OTP algorithms. What is the resolution for this element? 2) 4.2.1. Element: Unique Device Identification : This element indicates the manufacturer of the device. DISCUSS DISCUSS: Is there any IANA registry that can be recommended for use in this field? 3) 4.2.4. Element: Supplementary Information for OTP and CR Algorithms 'Encoding': This attribute, which MUST be included, defines the encoding of the challenge accepted by the device and MUST be one of the following values: BASE64 Base 64 encoded This needs a proper reference, for example "Base 64 encoded as defined in Section 4 of [RFC4648]". 4) 12.4. PSKC Algorithm Profile Registry Algorithm Definition: A reference to the stable document in which the algorithm being used with the PSKC is defined. Is this field required? If yes, you should change the registration procedure to "Specification Required" (which implies "Expert Review"). Similar issue in Section 12.6. PSKC algorithm profile identifier registrations are to be subject to Expert Review as per RFC 5226 [RFC5226]. Updates can be provided based on expert approval only. Based on expert approval, it is possible to mark entries as "deprecated". (Comment) I would recommend adding this as a field to the registration template. 5) 16.2. Informative References [AESKWPAD] Housley, R. and M. Dworkin, "Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm", March 2009, . It looks like this reference is Normative (Referenced in a sentence using "RECOMMENDED" RFC 2119 keyword). [HOTP] MRaihi, D., Bellare, M., Hoornaert, F., Naccache, D., and O. Ranen, "HOTP: An HMAC-Based One Time Password Algorithm", RFC 4226, December 2005. This reference is Normative due to Section 10.1. [LUHN] Luhn, H., "Luhn algorithm", US Patent 2950048, August 1960, . This should be a Normative reference. It also needs to be more stable. (See IETF LC discussion on draft-ietf-keyprov-symmetrickeyformat-08.txt) |
2010-05-02
|
09 | Alexey Melnikov | [Ballot Position Update] New position, Discuss, has been recorded by Alexey Melnikov |
2010-04-26
|
09 | Amanda Baber | IANA comments: ACTION 1: make the following assignments in the "Application Media Types" registry at http://www.iana.org/assignments/media-types/application/ Type Reference -------- --------------------- pskc+xml [RFC-keyprov-pskc-05] ACTION 2: make … IANA comments: ACTION 1: make the following assignments in the "Application Media Types" registry at http://www.iana.org/assignments/media-types/application/ Type Reference -------- --------------------- pskc+xml [RFC-keyprov-pskc-05] ACTION 2: make the following assignments in the "IETF XML schema" registry at http://www.iana.org/assignments/xml-registry/schema.html ID URI Filename Reference ------------ --------------------------------------- ------------ --------------------- keyprov:pskc urn:ietf:params:xml:schema:keyprov:pskc keyprov:pskc [RFC-keyprov-pskc-05] ACTION 3: make the following assignments in the "IETF XML ns" registry at http://www.iana.org/assignments/xml-registry/ns.html ID URI Filename Reference ------------ ----------------------------------- ------------ --------------------- keyprov:pskc urn:ietf:params:xml:ns:keyprov:pskc keyprov:pskc [RFC-keyprov-pskc-05] ACTION 4: create the following registry at http://www.iana.org/assignments/TBD Registry Name: PSKC Algorithm Profiles Registration policy: Expert Review Reference: [RFC-keyprov-pskc-05] As specified in section 12.4, the columns of the registry will be: - Common Name: The name by which the PSKC algorithm profile is generally referred. - Class: The type of PSKC algorithm profile registry entry being created, such as encryption, Message Authentication Code (MAC), One Time Password (OTP), Digest. - URN: The URN to be used to identify the profile. - Identifier Definition: IANA will be asked to add a pointer to the specification containing information about the PSKC algorithm profile registration. - Algorithm Definition: A reference to the stable document in which the algorithm being used with the PSKC is defined. - Registrant Contact: Contact information about the party submitting the registration request. - PSKC Profiling: Information about PSKC XML elements and attributes being used (or not used) with this specific profile of PSKC. - Reference The initial content will be as described in section 10.1 and 10.2 ACTION 5: create the following registry at http://www.iana.org/assignments/TBD Registry Name: PSKC Versions Registration policy: Standards Action. Reference: [RFC-keyprov-pskc-05] Initial content of the registry: PSKC Version Reference ------------ --------- 1.0 [RFC-keyprov-pskc-05] ACTION 6: create the following registry at http://www.iana.org/assignments/TBD Registry Name: PSKC Key Usage Registration policy: Expert review Reference: [RFC-keyprov-pskc-05] Initial content of the registry: Key Usage Token Reference --------------- --------------------- OTP [RFC-keyprov-pskc-05] CR [RFC-keyprov-pskc-05] Encrypt [RFC-keyprov-pskc-05] Integrity [RFC-keyprov-pskc-05] Verify [RFC-keyprov-pskc-05] Unlock [RFC-keyprov-pskc-05] Decrypt [RFC-keyprov-pskc-05] KeyWrap [RFC-keyprov-pskc-05] Unwrap [RFC-keyprov-pskc-05] Derive [RFC-keyprov-pskc-05] Generate [RFC-keyprov-pskc-05] |
2010-04-26
|
09 | Tim Polk | Placed on agenda for telechat - 2010-05-06 by Tim Polk |
2010-04-26
|
09 | Tim Polk | [Note]: 'Document shepherd is Hannes Tschofenig (Hannes.Tschofenig@gmx.net).' added by Tim Polk |
2010-04-26
|
09 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2010-04-22
|
09 | Tim Polk | [Ballot Position Update] New position, Yes, has been recorded for Tim Polk |
2010-04-22
|
09 | Tim Polk | Ballot has been issued by Tim Polk |
2010-04-22
|
09 | Tim Polk | Created "Approve" ballot |
2010-04-15
|
09 | Sam Weiler | Request for Last Call review by SECDIR is assigned to Vincent Roca |
2010-04-15
|
09 | Sam Weiler | Request for Last Call review by SECDIR is assigned to Vincent Roca |
2010-04-12
|
09 | Cindy Morgan | State Changes to In Last Call from Last Call Requested by Cindy Morgan |
2010-04-12
|
09 | Tim Polk | Last Call was requested by Tim Polk |
2010-04-12
|
09 | Tim Polk | State Changes to Last Call Requested from Publication Requested by Tim Polk |
2010-04-12
|
09 | (System) | Ballot writeup text was added |
2010-04-12
|
09 | (System) | Last call text was added |
2010-04-12
|
09 | (System) | Ballot approval text was added |
2010-03-02
|
09 | Tim Polk | Responsible AD has been changed to Tim Polk from Pasi Eronen |
2010-03-01
|
09 | Pasi Eronen | (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the … (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? The document shepherd is Hannes Tschofenig (Hannes.Tschofenig@gmx.net). I have personally reviewed the document and I believe it is ready for publication. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document was reviewed by working group members. There are no concerns regarding the depth or breadth of the review. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization, or XML? There are no concerns with this document. The document contains XML examples and an XML schema but the working group feels comfortable that those are correct. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue. There are no concerns with this document. An IPR disclosure has been filed but did not lead to discussions within the working group. (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is consensus in the WG behind the document. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) There is no opposition to this document. (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See http://www.ietf.org/ID-Checklist.html and http://tools.ietf.org/tools/idnits/.) Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type, and URI type reviews? If the document does not already indicate its intended status at the top of the first page, please indicate the intended status here. The document does not contain nits. The document contains a URN sub-namespace registration, XML schema registration, and a content-type registration. (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. The document has been split into normative and informative references. There are references to non-IETF documents that need to be indicated during IETF last call: [PKCS5] RSA Laboratories, "PKCS #5: Password-Based Cryptography Standard", Version 2.0, URL: http://www.rsasecurity.com/rsalabs/pkcs/, March 1999. [XMLDSIG] Eastlake, D., "XML-Signature Syntax and Processing", URL: http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/, W3C Recommendation, February 2002. [XMLENC] Eastlake, D., "XML Encryption Syntax and Processing.", URL: http://www.w3.org/TR/xmlenc-core/, W3C Recommendation, December 2002. [XMLENC11] Eastlake, D., "XML Encryption Syntax and Processing Version 1.1.", URL: http://www.w3.org/TR/2009/WD-xmlenc-core1-20090730, W3C Recommendation, July 2009. (1.i) Has the Document Shepherd verified that the document's IANA Considerations section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC2434]. If the document describes an Expert Review process, has the Document Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during IESG Evaluation? The document has an IANA considerations section that is consistent with the body. This document defines new registries and the allocation of new entries into these registries is based on expert review. (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? The XML code has been validated. Some examples contain cryptographically generated material and it was created by one of the reference implementations. (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary This document specifies an XML-based key format for transport and provisioning of symmetric keys to different types of crypto modules. For example, One Time Password (OTP) shared secrets or symmetric cryptographic keys to strong authentication devices. A standard key transport format enables enterprises to deploy best-of-breed solutions combining components from different vendors into the same infrastructure. Working Group Summary There was consensus in the WG to publish the document. Document Quality The document is a product of the KEYPROV working group and the group has spend a fair amount of time working on this specification to ensure high quality output. Two independent implementations have been created by the document authors. A third implementation has been created by a student of Tim Polk. The code is, however, not available as open source. Personnel Hannes Tschofenig is the document shepherd for this document. |
2010-03-01
|
09 | Pasi Eronen | Draft Added by Pasi Eronen in state Publication Requested |
2010-03-01
|
09 | Pasi Eronen | [Note]: 'Document shepherd is Hannes Tschofenig (Hannes.Tschofenig@gmx.net).' added by Pasi Eronen |
2010-01-08
|
05 | (System) | New version available: draft-ietf-keyprov-pskc-05.txt |
2009-10-23
|
04 | (System) | New version available: draft-ietf-keyprov-pskc-04.txt |
2009-06-09
|
03 | (System) | New version available: draft-ietf-keyprov-pskc-03.txt |
2009-02-25
|
(System) | Posted related IPR disclosure: VeriSign's Statement about IPR related to draft-mraihi-mutual-oath-hotp-variants, draft-mraihi-totp-timebased, draft-ietf-keyprov-dskpp, draft-ietf-keyprov-pskc, and RFC 4226 | |
2009-02-23
|
02 | (System) | New version available: draft-ietf-keyprov-pskc-02.txt |
2009-02-18
|
(System) | Posted related IPR disclosure: VeriSign's Statement about IPR related to draft-ietf-keyprov-pskc, draft-ietf-keyprov-dskpp, draft-mraihi-totp-timebased, draft-mraihi-mutual-oath-hotp-variants, and RFC 4226 | |
2009-01-21
|
01 | (System) | New version available: draft-ietf-keyprov-pskc-01.txt |
2009-01-13
|
00 | (System) | New version available: draft-ietf-keyprov-pskc-00.txt |