KMIP v.Next PGP Support
Michael Allen, Sr. Technical Director, Symantec
Agenda
• Trust Establishment
• Current KMIP Situation
• Proposed Enhancements
Trust Establishment - Email
Trust Establishment – External Directory
Where Are We Now
Note About Notation
How Do We Fit This Into That?
What’s Missing from KMIP?
Multiple User IDs
• Each PGP key can have multiple user IDs (usually email addresses; they can be images as well)
• Searches for other PGP keys usually use these user IDs
• KMIP has a certificate identifier but doesn’t have the right bits in that attribute
• User IDs can be signed just as keys can be signed
Top Key / Sub Key Structures
• A PGP key consists of a unifying key and multiple purpose-specific sub keys
• Keys are tied together via signatures between each other
• KMIP doesn’t have a link notion between sets of public / private key pairs
Arbitrary Signature Sets
• Anyone’s PGP key can sign another key
• These signatures may play a role in arbitrary trust calculations
Additional Decryption Key
• PGP-specific feature where the key ID of another PGP key rides along with one’s own PGP key
• Anything encrypted with one’s PGP key also gets encrypted to the ADK
• Searches for ADK occur via its key ID
PGP Certificate Type Re-Examined
Top Key and Sub Key Link Objects
New Link Types
Table 9.1.3.2.20: Link Type Enumeration
New PGP Key ID Attribute
Section 3.XX
New PGP User ID Attribute
Section 3.XX
New PGP ADK Attribute
Section 3.XX
New PGP Signature Attribute
Section 3.XX