KMIP v.Next PGP Support
Michael Allen, Sr. Technical Director, Symantec
Agenda
1. Trust Establishment
2. Current KMIP Situation
2. Proposed Enhancements
Trust Establishment - Email
Trust Establishment – External Directory
Where Are We Now
Note About Notation
How Do We Fit This Into That?
What’s Missing from KMIP?
1. Multiple User IDs
• Each PGP key has multiple user IDs (usually email addresses, can be images as well)
• Searches for other PGP keys usually use these user IDs
• KMIP has a certificate identifier but doesn’t have the right bits in that attribute
• User IDs can be signed just as keys can be signed
2. Top Key / Sub Key Structures
• A PGP key consists of a unifying key and multiple purpose-specific sub keys
• Keys are tied together via signatures between each other
• KMIP doesn’t have a link notion between sets of public / private key pairs
3. Arbitrary Signature Sets
• Anyone’s PGP key can sign another key
• These signatures may play a role in arbitrary trust calculations
4. Additional Decryption Key
• PGP-specific feature where the key ID of another PGP key rides along with one’s own PGP key
• Anything encrypted with one’s PGP key also gets encrypted to the ADK
• Searches for the ADK occur via its key ID
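The structure slide 8 describes (a top key, several user IDs, sub keys, and the signatures attached to each), as an added example that is not part of the presentation: it walks the packet sequence of an OpenPGP public key as laid out in RFC 4880 and groups it into those pieces. The function names and the sample bytes are constructed for illustration; signatures are only counted, not verified, and the ADK is not parsed.

```python
# Added example: group RFC 4880 packets into top key, user IDs and sub keys.
def read_packets(data):
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80 or i + 1 >= len(data):
            raise ValueError("bad or truncated packet header")
        first, i = data[i + 1], i + 2
        if hdr & 0x40:                          # new format: tag in bits 5-0
            tag = hdr & 0x3F
            if first < 192:                     # one-octet length
                length = first
            elif first < 224:                   # two-octet length
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:                  # five-octet length
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                   # old format: tag in bits 5-2
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype                      # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i - 1:i - 1 + n], "big"), i - 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet body")
        yield tag, data[i:i + length]
        i += length

def key_structure(data):
    key = {"top_key": None, "user_ids": [], "sub_keys": []}
    current = None                              # component the next signatures cover
    for tag, body in read_packets(data):
        if tag == 2 and current is not None:    # signature packet
            current["signatures"] += 1
        elif tag == 6:                          # public key (the top key)
            current = key["top_key"] = {"signatures": 0}
        elif tag == 13:                         # user ID
            current = {"user_id": body.decode("utf-8", "replace"), "signatures": 0}
            key["user_ids"].append(current)
        elif tag == 14:                         # public subkey
            current = {"signatures": 0}
            key["sub_keys"].append(current)
    return key

def _pkt(tag, body):                            # helper for the constructed sample
    return bytes([0xC0 | tag, len(body)]) + body
SAMPLE = b"".join(_pkt(t, b) for t, b in [      # constructed; bodies are placeholders
    (6, b"top"), (13, b"Alice <alice@example.com>"), (2, b"self"), (2, b"other"),
    (13, b"Alice <alice@example.org>"), (2, b"self"), (14, b"sub"), (2, b"binding")])
```

`key_structure(SAMPLE)` returns one top key, two user IDs carrying two and one signatures, and one sub key with its binding signature, which is the set of relationships a key server has to store and search.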
PGP Certificate Type Re-Examined
Top Key and Sub Key Link Objects
Top Key and Sub Key Link Objects
New Link Types
Table 9.1.3.2.20: Link Type Enumeration
New PGP Key ID Attribute
Section 3.XX
New PGP User ID Attribute
Section 3.XX
New PGP ADK Attribute
Section 3.XX
New PGP Signature Attribute
Section 3.XX