FW: Changelog A5

 
103 - Blair point about private key processing [see also my point on
private key encryption]
 
Added Blair's text and the following security consideration:

Implementations MUST ensure that in cases where a private key is
generated by the service, the information used to encrypt the private
key data is adequately protected. In particular if an authentication
pass phrase exchanged out of band is used to encrypt the private key the
implementation MUST ensure that the out of band communication mechanism
adequately protects the confidentiality of the pass phrase.

It is recommended that implementations make use of TLS or an in-band key
exchange mechanism to protect the private key in the case that the
authentication pass phrase is disclosed. 

 
New issue 125 - add in an element of abstract type to the relevant
operations (Register, Recover) that may be used as a derivation point
for a key exchange such as XKASS?
 
 

Received on Tuesday, 17 December 2002 12:29:30 UTC