I have a question on using a KEK as described in Section 4.2. It states:
The [Content Creation] PEP submits the CEK, the set of requires policies to be
applied and the hash of the encrypted content to the PDP. The CEK can be a raw
key or a CEK key encrypted by a KEK if the user does not want the PDP to have
the ability to access the plain text data.
In the case of encrypting the CEK with a KEK, whose key is used in that case?
And how will the recipient decrypt it? I didn't see the corresponding steps
listed in the Content Consuming sequence.
-Scott
_______________________________________________
plasma mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/plasma
