This message is being sent to the IETF mailing list in accordance with recent
requests to notify IETF members of proposals to form working groups etc in this
forum.
The OATH consortium and RSA recently submitted proposals relating to the
provisioning of symmetric keys.
While the immediate focus of these proposals is OTP tokens any technology
developed is likely to have widespread application within the standards
community. In particular we note that the IETF now requires proposals involving
the use of cryptographic material to provide a means of managing and
provisioning the keying material.
To this end we have set up a mailing list to discuss the proposed formation of
an IETF WG in response to the security ADs request that we establish it prior
to consideration of our request for a BOF.
The strawman charter has been discussed at some length within OATH already,
possibly more than is desirable for a pre-pre-standards activity.
The proposed name is KEYPROV
The mailing list is ietf-keyprov(_at_)safehaus(_dot_)org
<mailto:ietf-keyprov(_at_)safehaus(_dot_)org>
The name ietf-keyprov has been chosen to impress upon the members the fact that
the mailing list is for the purpose of discussions that are intended to form an
IETF working group that will operate under NOTE WELL and result in a spec
consistent with the IPR requirements set out in the draft charter.
The draft charter is:
Provisioning of Symmetric Keys (KEYPROV)
Background
One Time Password (OTP) tokens provide a convenient and secure means of user
authentication. Combined with a PIN an OTP token provides a robust two factor
authentication solution.
Recent developments in Internet crime, in particular credential theft
(phishing) makes the widespread use of and thus development of open standards
for OTP tokens and other symmetric key cryptographic systems highly desirable.
This requires a standards based key provisioning infrastructure analogous to
the mechanisms provided in public key infrastructures. In particular the
ability to provision symmetric keys and associated attributes dynamically to
already issued devices such as cell phones and USB drives is highly desirable.
The working group will develop the necessary protocols and data formats
required to support provisioning and management of symmetric key authentication
tokens, both proprietary and standards based.
Intellectual Property
It is the intention of the working group to create an open standard
unencumbered by proprietary intellectual property claims. Essential claims
required to implement the specification should be available for license
according to Reasonable, Non-Discriminatory and Royalty Free terms (RAND-Z).
Scope and Deliverables
The scope of the working group shall be to define protocols and data formats
necessary for provisioning of symmetric cryptographic keys and associated
attributes.
The working group will produce the following deliverables:
* Portable Symmetric Key Container
* Dynamic Symmetric Key Provisioning Protocol
Milestones
· 2006 July Charter WG
· 2006 November WG last call on Portable Symmetric Key
Container
· 2006 December WG last call on Dynamic Symmetric Key
Provisioning Protocol
· 2007 January IETF Last call on PROPOSED status
· 2007 April Complete Interoperability testing
· 2007 July WG last call on promotion to DRAFT
· 2007 September IETF last call on DRAFT status
· 2007 December WG closes.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf