Hannes Tschofenig | 10 May 2010 21:40

PSKC Algorithm Profile Document: Next Steps

We just had a short conference call about  
http://tools.ietf.org/id/draft-hoyer-keyprov-pskc-algorithm-profiles-01.txt
to determine the next steps with the document.

The action items are:

Hannes to check the OCRA & TOTP algorithm profile URN parameter about 
attaching parameters to the URN to reflect the different ciphersuites. 
Example: urn:ietf:params:xml:ns:keyprov:pskc#OCRA-1:HOTP-SHA512-8:C-QN08

Hannes to talk to Peter about his comment regarding the # symbol in
urn:ietf:params:xml:ns:keyprov:pskc#pin
Peter says it is a reserved symbol that cannot be used. We have to 
figure out what else to use.  

Ming will take a look at the incomplete sections, such as introduction, 
security considerations, IANA considerations, and references.

Ming will send a mail to Andrea to review the SecurID algorithm profiles.
Ming will send a mail to Philip to review the ActivIdentity algorithm 
profiles.

We said it would be useful to ship an update of the document rather soon 
before Hannes talks to Sean asking for AD sponsoring the document. 
Additionally, we concluded that it would be good to solicit feedback 
from other vendors to document their algorithm profiles as well.

Peter Saint-Andre | 11 May 2010 03:54

Re: PSKC Algorithm Profile Document: Next Steps

On 5/10/10 1:40 PM, Hannes Tschofenig wrote:
> We just had a short conference call about 
> http://tools.ietf.org/id/draft-hoyer-keyprov-pskc-algorithm-profiles-01.txt
> to determine the next steps with the document.
> 
> The action items are:
> 
> Hannes to check the OCRA & TOTP algorithm profile URN parameter about
> attaching parameters to the URN to reflect the different ciphersuites.
> Example: urn:ietf:params:xml:ns:keyprov:pskc#OCRA-1:HOTP-SHA512-8:C-QN08
> 
> Hannes to talk to Peter about his comment regarding the # symbol in
> urn:ietf:params:xml:ns:keyprov:pskc#pin
> Peter says it is a reserved symbol that cannot be used. We have to
> figure out what else to use.

Hi Hannes,

The "#" character is not exactly disallowed in URN syntax, but it is
actively discouraged in RFC 2141:

   RFC 1630 [2] reserves the characters "/", "?", and "#" for particular
   purposes. The URN-WG has not yet debated the applicability and
   precise semantics of those purposes as applied to URNs. Therefore,
   these characters are RESERVED for future developments.  Namespace
   developers SHOULD NOT use these characters in unencoded form, but
   rather use the appropriate %-encoding for each character.

A URN of urn:ietf:params:xml:ns:keyprov:pskc:pin seems fine.


Phillip Hallam-Baker | 11 May 2010 14:44

Re: PSKC Algorithm Profile Document: Next Steps

Yes, URNs do not define a resolution protocol, so there is no
distinction between parameters and stem values. The fragment syntax
does not really work either. The reason the fragment identifier is
used in the W3C specs is because they are referring to sections in the
document where the definition lies. The IETF does not want us to do
that because the W3C approach costs them a huge amount in bandwidth.

So just concatenating the parameter values works as well as anything.

On Mon, May 10, 2010 at 9:54 PM, Peter Saint-Andre <stpeter@...> wrote:
> On 5/10/10 1:40 PM, Hannes Tschofenig wrote:
>> We just had a short conference call about
>> http://tools.ietf.org/id/draft-hoyer-keyprov-pskc-algorithm-profiles-01.txt
>> to determine the next steps with the document.
>>
>> The action items are:
>>
>> Hannes to check the OCRA & TOTP algorithm profile URN parameter about
>> attaching parameters to the URN to reflect the different ciphersuites.
>> Example: urn:ietf:params:xml:ns:keyprov:pskc#OCRA-1:HOTP-SHA512-8:C-QN08
>>
>> Hannes to talk to Peter about his comment regarding the # symbol in
>> urn:ietf:params:xml:ns:keyprov:pskc#pin
>> Peter says it is a reserved symbol that cannot be used. We have to
>> figure out what else to use.
>
> Hi Hannes,
>
> The "#" character is not exactly disallowed in URN syntax, but it is
> actively discouraged in RFC 2141:

Philip Hoyer | 11 May 2010 17:21

Re: PSKC Algorithm Profile Document: Next Steps

Should we not somehow prefix the algorithm and suite?

urn:ietf:params:xml:ns:keyprov:pskc:algorithm-pin

urn:ietf:params:xml:ns:keyprov:pskc:algorithm-ocra:suite-HOTP-SHA512-8:C-QN08

although the use of ':' within the OCRA suite definition will most likely confuse things.

Philip

-----Original Message-----
From: keyprov-bounces@...
[mailto:keyprov-bounces@...] On Behalf Of Phillip Hallam-Baker
Sent: Tuesday, May 11, 2010 1:44 PM
To: Peter Saint-Andre
Cc: keyprov@...
Subject: Re: [KEYPROV] PSKC Algorithm Profile Document: Next Steps

Yes, URNs do not define a resolution protocol, so there is no
distinction between parameters and stem values. The fragment syntax
does not really work either. The reason the fragment identifier is
used in the W3C specs is because they are referring to sections in the
document where the definition lies. The IETF does not want us to do
that because the W3C approach costs them a huge amount in bandwidth.

So just concatenating the parameter values works as well as anything.

On Mon, May 10, 2010 at 9:54 PM, Peter Saint-Andre <stpeter@...> wrote:
> On 5/10/10 1:40 PM, Hannes Tschofenig wrote:
>> We just had a short conference call about

Peter Saint-Andre | 11 May 2010 18:16

Re: PSKC Algorithm Profile Document: Next Steps

On 5/11/10 9:21 AM, Philip Hoyer wrote:
> Should we not somehow prefix the algorithm and suite?
> 
> urn:ietf:params:xml:ns:keyprov:pskc:algorithm-pin
> 
> urn:ietf:params:xml:ns:keyprov:pskc:algorithm-ocra:suite-HOTP-SHA512-8:C-QN08
> 
> although the use of ':' within the OCRA suite definition will most likely confuse things.

The ':' character when used in suite definitions could be escaped to %3A
if needed, see Section 2.3.1 of RFC 2141.
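
Added example, not part of the thread or of any participant's message: a Python sketch of the %-encoding discussed above, applied to the prefixed `algorithm-`/`suite-` form proposed in the thread, with a strict parser that rejects the ambiguous unescaped ':' and the '#' form. The function names and the choice to always escape ':' inside a component are assumptions made for illustration; the URN layout is the thread's proposal, not a registered identifier.

```python
import re

PSKC_NS = "urn:ietf:params:xml:ns:keyprov:pskc"  # namespace stem quoted in the thread
# RFC 2141 <other> characters minus ":", which is escaped here (an assumption,
# following the %3A suggestion) so it is never read as a component delimiter.
_SAFE_OTHER = "()+,-.=@;$_!*'"


def encode_component(value: str) -> str:
    """%-encode everything except ASCII letters, digits and _SAFE_OTHER."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        if byte < 0x80 and (ch.isalnum() or ch in _SAFE_OTHER):
            out.append(ch)
        else:
            out.append("%{:02X}".format(byte))
    return "".join(out)


def decode_component(value: str) -> str:
    """Reverse encode_component; reject raw reserved characters and bad escapes."""
    if re.search(r"[/?#]|%(?![0-9A-Fa-f]{2})", value):
        raise ValueError("reserved character or malformed %-escape: " + repr(value))
    raw = re.sub(rb"%([0-9A-Fa-f]{2})",
                 lambda m: bytes([int(m.group(1), 16)]), value.encode("ascii"))
    return raw.decode("utf-8")


def build_ocra_urn(suite: str) -> str:
    """Prefixed form proposed in the thread (hypothetical, not a registered URN)."""
    return "{}:algorithm-ocra:suite-{}".format(PSKC_NS, encode_component(suite))


def parse_algorithm_urn(urn: str):
    """Return (algorithm, suite_or_None); raise ValueError on ambiguous input."""
    prefix = PSKC_NS + ":"
    if not urn.startswith(prefix):
        raise ValueError("not in the PSKC namespace with ':' separator")
    parts = urn[len(prefix):].split(":")
    if len(parts) > 2 or not parts[0].startswith("algorithm-"):
        raise ValueError("unexpected components (unescaped ':' in suite?)")
    algorithm = decode_component(parts[0][len("algorithm-"):])
    if len(parts) == 1:
        return algorithm, None
    if not parts[1].startswith("suite-"):
        raise ValueError("second component must start with 'suite-'")
    return algorithm, decode_component(parts[1][len("suite-"):])


if __name__ == "__main__":
    urn = build_ocra_urn("HOTP-SHA512-8:C-QN08")  # suite string from the thread
    print(urn)
    print(parse_algorithm_urn(urn))
```

Rejecting the unescaped form rather than guessing where the suite ends keeps two differently parameterised algorithm identifiers from parsing to the same value.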
