
KMIP v.Next PGP Support

KMIP v.Next PGP Support. Michael Allen, Sr. Technical Director, Symantec. Agenda: Trust Establishment; Current KMIP Situation; Proposed Enhancements. Trust Establishment - Email. Trust Establishment – External Directory. Where Are We Now. Note About Notation.


Presentation Transcript


  1. KMIP v.Next PGP Support. Michael Allen, Sr. Technical Director, Symantec

  2. Agenda: Trust Establishment; Current KMIP Situation; Proposed Enhancements

  3. Trust Establishment - Email

  4. Trust Establishment – External Directory

  5. Where Are We Now

  6. Note About Notation

  7. How Do We Fit This Into That?

  8. What’s Missing from KMIP?

     1 Multiple User IDs
     • Each PGP key can have multiple user IDs (usually email addresses, can be images as well)
     • Searches for other PGP keys usually use these user IDs
     • KMIP has a certificate identifier but doesn’t have the right bits in that attribute
     • User IDs can be signed just as keys can be signed

     2 Top Key / Sub Key Structures
     • A PGP key consists of a unifying key and multiple purpose-specific sub keys
     • Keys are tied together via signatures between each other
     • KMIP doesn’t have a link notion between sets of public / private key pairs

     3 Arbitrary Signature Sets
     • Anyone’s PGP key can sign another key
     • These signatures may play a role in arbitrary trust calculations

     4 Additional Decryption Key (ADK)
     • PGP-specific feature where the key ID of another PGP key rides along with one’s own PGP key
     • Anything encrypted with one’s PGP key also gets encrypted to the ADK
     • Searches for the ADK occur via its key ID

  9. PGP Certificate Type Re-Examined

  10. Top Key and Sub Key Link Objects

  11. Top Key and Sub Key Link Objects

  12. New Link Types (Table 9.1.3.2.20: Link Type Enumeration)

  13. New PGP Key ID Attribute (Section 3.XX)

  14. New PGP User ID Attribute (Section 3.XX)

  15. New PGP ADK Attribute (Section 3.XX)

  16. New PGP Signature Attribute (Section 3.XX)

  17. Michael Allen mike_allen@symantec.com 650-527-0716
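
The key layout that slide 8 says KMIP cannot yet represent (a top key, its user IDs, its sub keys, and the signatures tying them together) can be seen directly in the OpenPGP packet stream. The following is an added example, not part of the presentation: it walks packet headers as framed in RFC 4880 and groups them into the components a key manager would need to link. The names `read_packets`, `key_structure`, `pkt` and `SAMPLE` and the sample bytes are constructed for illustration.

```python
# Added example. Packet framing per RFC 4880 section 4.2; sample bodies are constructed dummies.
KINDS = {2: "signature", 6: "top_key", 13: "user_id", 14: "sub_key"}

def read_packets(data):  # yields (tag, body) per packet, old or new header format
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("bit 7 of a packet header must be set")
        if hdr & 0x40:  # new format: tag in bits 5-0
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled here")
        else:  # old format: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            n = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def key_structure(data):  # groups packets; a signature certifies the component before it
    components = []
    for tag, body in read_packets(data):
        kind = KINDS.get(tag, f"tag_{tag}")
        if kind == "signature":
            if not components:
                raise ValueError("signature with nothing to certify")
            components[-1]["signatures"] += 1
        else:
            label = body.decode("utf-8", "replace") if kind == "user_id" else None
            components.append({"kind": kind, "label": label, "signatures": 0})
    return components

def pkt(tag, body):  # builds a constructed new-format packet, one-octet length
    return bytes([0xC0 | tag, len(body)]) + body

SAMPLE = (b"\x99\x00\x06\x04dummy" + pkt(13, b"Alice <alice@example.com>") + pkt(2, b"sig")
          + pkt(2, b"sig") + pkt(13, b"Alice <alice@example.org>") + pkt(2, b"sig")
          + pkt(14, b"\x04dummy") + pkt(2, b"sig"))
```

Calling `key_structure(SAMPLE)` returns one entry per top key, user ID and sub key, each with the count of signatures attached to it, which is the per-component linkage the proposed link objects and attributes would have to carry.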
