KMIP v.Next PGP Support


Slide 1: KMIP v.Next PGP Support

Michael Allen, Sr. Technical Director, Symantec

Slide 2: Agenda

• Trust Establishment
• Current KMIP Situation
• Proposed Enhancements

Slide 3: Trust Establishment - Email

Slide 4: Trust Establishment – External Directory

Slide 5: Where Are We Now

Slide 6: Note About Notation

Slide 7: How Do We Fit This Into That?

Slide 8: What’s Missing from KMIP?

1. Multiple User IDs

• Each PGP key can have multiple user IDs (usually email addresses; they can be images as well)
• Searches for other PGP keys usually use these user IDs
• KMIP has a certificate identifier attribute, but it doesn’t have the right bits for this
• User IDs can be signed, just as keys can be signed

2. Top Key / Sub Key Structures

• A PGP key consists of a unifying top key and multiple purpose-specific sub keys
• The keys are tied together via signatures between each other
• KMIP doesn’t have a link notion between sets of public / private key pairs

3. Arbitrary Signature Sets

• Anyone’s PGP key can sign another key
• These signatures may play a role in arbitrary trust calculations

4. Additional Decryption Key (ADK)

• A PGP-specific feature where the key ID of another PGP key rides along with one’s own PGP key
• Anything encrypted with one’s PGP key also gets encrypted to the ADK
• Searches for an ADK occur via its key ID
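The multiple-user-ID and top-key / sub-key structure this slide describes, as an added example that is not part of the deck (Python; assumes RFC 4880 packet framing, and the packet bodies are constructed placeholders rather than real key material or signatures):

```python
# Added example (not from the deck): walk an OpenPGP packet stream (RFC 4880 framing,
# assumed) into the slide's structure: top key, user IDs, sub keys, binding signatures.
SIG, SECKEY, PUBKEY, SECSUBKEY, USERID, SUBKEY = 2, 5, 6, 7, 13, 14
def parse_packets(data):
    # Split a stream into (tag, body) pairs; handles old- and new-format headers.
    packets, i = [], 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80: raise ValueError(f"bad packet header at offset {i}")
        if hdr & 0x40:  # new format: tag in low 6 bits, 1- or 2-octet length follows
            tag, b = hdr & 0x3F, data[i + 1]
            if b < 192:
                length, i = b, i + 2
            elif b < 224:
                length, i = ((b - 192) << 8) + data[i + 2] + 192, i + 3
            else:
                raise ValueError("5-octet and partial body lengths not handled here")
        else:  # old format: tag in bits 2-5, length-type (1/2/4 octets) in low 2 bits
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3: raise ValueError("indeterminate length not handled here")
            n = 1 << ltype
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        packets.append((tag, data[i:i + length]))
        i += length
    return packets

def group_key(data):
    # Top-key view: each user ID / sub key keeps the signatures that follow it (the
    # signatures are what tie user IDs and sub keys to the top key).
    key, current = {"top_key": None, "user_ids": [], "sub_keys": []}, None
    for tag, body in parse_packets(data):
        if tag in (PUBKEY, SECKEY):
            key["top_key"], current = body, None
        elif tag == USERID:
            current = {"user_id": body.decode("utf-8"), "signatures": []}
            key["user_ids"].append(current)
        elif tag in (SUBKEY, SECSUBKEY):
            current = {"sub_key": body, "signatures": []}
            key["sub_keys"].append(current)
        elif tag == SIG and current is not None:
            current["signatures"].append(body)
    return key

def pkt(tag, body, old=False):
    # Frame a packet with a one-octet length; old=True emits an old-format header.
    return bytes([(0x80 | tag << 2) if old else (0xC0 | tag), len(body)]) + body

# Constructed sample: placeholder bodies, not real key material or signatures.
SAMPLE = (pkt(PUBKEY, b"top-key", old=True) + pkt(USERID, b"alice@example.com")
          + pkt(SIG, b"self-sig") + pkt(USERID, b"alice@example.org") + pkt(SIG, b"self-sig")
          + pkt(SIG, b"bob-cert") + pkt(SUBKEY, b"enc-subkey") + pkt(SIG, b"binding-sig"))
```

Running `group_key(SAMPLE)` yields one top key, two user IDs (the second carrying both a self-signature and a third-party certification), and one sub key with its binding signature, which is exactly the set of relationships the slide says KMIP cannot yet express.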

Slide 9: PGP Certificate Type Re-Examined

Slide 10: Top Key and Sub Key Link Objects

Slide 11: Top Key and Sub Key Link Objects

Slide 12: New Link Types (Table 9.1.3.2.20: Link Type Enumeration)

Slide 13: New PGP Key ID Attribute (Section 3.XX)

Slide 14: New PGP User ID Attribute (Section 3.XX)

Slide 15: New PGP ADK Attribute (Section 3.XX)

Slide 16: New PGP Signature Attribute (Section 3.XX)

Slide 17: Thank you!

Michael Allen, mike_allen@symantec.com, 650-527-0716
