People have pointed out to me that this notice did not have the instructions on
how to subscribe.
Registration is via the Web form:
http://www.safehaus.org/mailman/listinfo/ietf-keyprov
<http://www.safehaus.org/mailman/listinfo/ietf-keyprov>
________________________________
From: Hallam-Baker, Phillip [mailto:pbaker(_at_)verisign(_dot_)com]
Sent: Wednesday, June 14, 2006 8:22 PM
To: ietf(_at_)ietf(_dot_)org
Subject: New mailing list for discussion of KEYPROV symmetric
keyprovisioning proposal
This message is being sent to the IETF mailing list in accordance with
recent requests to notify IETF members of proposals to form working groups etc
in this forum.
The OATH consortium and RSA recently submitted proposals relating to
the provisioning of symmetric keys.
While the immediate focus of these proposals is OTP tokens any
technology developed is likely to have widespread application within the
standards community. In particular we note that the IETF now requires proposals
involving the use of cryptographic material to provide a means of managing and
provisioning the keying material.
To this end we have set up a mailing list to discuss the proposed
formation of an IETF WG in response to the security ADs request that we
establish it prior to consideration of our request for a BOF.
The strawman charter has been discussed at some length within OATH
already, possibly more than is desirable for a pre-pre-standards activity.
The proposed name is KEYPROV
The mailing list is ietf-keyprov(_at_)safehaus(_dot_)org
<mailto:ietf-keyprov(_at_)safehaus(_dot_)org>
The name ietf-keyprov has been chosen to impress upon the members the
fact that the mailing list is for the purpose of discussions that are intended
to form an IETF working group that will operate under NOTE WELL and result in a
spec consistent with the IPR requirements set out in the draft charter.
The draft charter is:
Provisioning of Symmetric Keys (KEYPROV)
Background
One Time Password (OTP) tokens provide a convenient and secure means of
user authentication. Combined with a PIN an OTP token provides a robust two
factor authentication solution.
Recent developments in Internet crime, in particular credential theft
(phishing) makes the widespread use of and thus development of open standards
for OTP tokens and other symmetric key cryptographic systems highly desirable.
This requires a standards based key provisioning infrastructure
analogous to the mechanisms provided in public key infrastructures. In
particular the ability to provision symmetric keys and associated attributes
dynamically to already issued devices such as cell phones and USB drives is
highly desirable. The working group will develop the necessary protocols and
data formats required to support provisioning and management of symmetric key
authentication tokens, both proprietary and standards based.
Intellectual Property
It is the intention of the working group to create an open standard
unencumbered by proprietary intellectual property claims. Essential claims
required to implement the specification should be available for license
according to Reasonable, Non-Discriminatory and Royalty Free terms (RAND-Z).
Scope and Deliverables
The scope of the working group shall be to define protocols and data
formats necessary for provisioning of symmetric cryptographic keys and
associated attributes.
The working group will produce the following deliverables:
* Portable Symmetric Key Container
* Dynamic Symmetric Key Provisioning Protocol
Milestones
· 2006 July Charter WG
· 2006 November WG last call on Portable Symmetric Key
Container
· 2006 December WG last call on Dynamic Symmetric Key
Provisioning Protocol
· 2007 January IETF Last call on PROPOSED status
· 2007 April Complete Interoperability testing
· 2007 July WG last call on promotion to
DRAFT
· 2007 September IETF last call on DRAFT status
· 2007 December WG closes.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf