Kevin,

On 2011-08-26 16:34, Lev Novikov wrote:
> 2. Traditional data-in-transit and -at-reset case (cf. PKCS#11)

On 2011-08-26 18:25, Kevin Wall wrote:
> I presume that you meant 'at-rest' rather than 'at-reset' here?

Yes. Hopefully we're not resetting the data when we store it.

On 2011-08-26 18:25, Kevin Wall wrote:
> What are your assumptions about crypto keys? Are you assuming that
> 2 parties have already met and shared keys (probably out of band)?
> If not, then I could see maybe use cases involving secure key
> exchange. However, I suspect that is considered out of scope.

I don't think the model should assume that keys were pre-shared. For example, CICM currently supports negotiating an asymmetric key which results in an ephemeral symmetric key. See:

http://tools.ietf.org/html/draft-lanz-cicm-cm-01#section-8

Therefore, adding a use case for a secure key exchange seems reasonable (assuming I understood your proposed case correctly).

Lev

_______________________________________________
cicm mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cicm
