P1619.3 ARCH Minutes 2007-11-01
Written by Matt Ball
Thursday, 01 November 2007
The regular P1619.3 ARCH (Architecture) meeting was held on Nov 1, 2007. Mike Witkowski was in the chair and Matt Ball took minutes.
Attendance:
Mike Witkowski, CipherMax
Larry Hofer, Emulex
Matt Ball, MV Ball Tech
Kevin Marks, Dell
Subhash, NetApp
Glen Jaquette, IBM
Mark Schiller, HP
Bob Lockhart, NeoScale
Bob Griffin, RSA Security/EMC
Bob Snively, Brocade
Landon Noll, NeoScale
Agenda:
- Discuss updated KM role/layered models
- Discuss John Holdman’s key lifecycle model
- Miscellaneous Topics
- KM Policy Models
- Data Attribute Models
- Interaction Models?
Discussion on Mike Witkowski's slides
Should we move the 'Data Storage' (renamed to 'Storage Medium') box into the 'Encryption Application' box for cases of hard drives with FDE (full disk encryption)?
Lockhart was suggesting that we remove the 'CU Agent' box. The group agreed.
Discussion of 'Model #3':
- The 'KM library' box refers to our open source implementation (the word 'library' refers to a .DLL or .SO, not an 'automation library'). The group changed 'library' to 'software lib'
Discussion of 'Model #1'
- Do we want to show the 'key backup' and 'key archive' boxes? These would only be useful to show if we define the format for the backup and archive of keys. Glen: Anyone who doesn't back up their keys is a bonehead. The group decided to make them 'dotted line' boxes to indicate that they're out-of-scope.
- The group added a box called 'KM Import/Export' for defining a way to input or output keys from the key manager. This would be in scope.
Discussion of Jon Holdman's Key Transition Diagram
The group compared Jon's and Lockhart's pictures.
There was discussion about the usefulness of having a state where you clear the key, but keep the metadata around so that you can prevent use of other copies of the key.
There is also an issue that some of the policies can only be enforced at the cryptographic unit level. This will cause some complications in the standard because there will be 'shall' requirements for both the server and client. One example is when the crypto unit caches a key longer than its expiration date.
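The two points above (a 'destroyed' state that clears the key material but keeps the metadata, and an expiration policy that the key manager cannot enforce on its own because the cryptographic unit holds a cached copy) can be illustrated with a small model. This is an added example written for these minutes, not a P1619.3 document or any member's code; the state names, classes and the lax/strict cryptographic-unit split are assumptions chosen to show the issue, not terms from the standard.

```python
"""Key-lifecycle illustration for the issues raised in the minutes.

Constructed example: hypothetical states and class names, not P1619.3 text.
"""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Dict, Optional


class KeyState(Enum):
    ACTIVE = "active"
    DEACTIVATED = "deactivated"   # no new use; still present for old data
    DESTROYED = "destroyed"       # key material cleared, metadata retained


@dataclass
class KeyRecord:
    key_id: str
    material: Optional[bytes]     # None once the key is destroyed
    created_at: datetime
    expires_at: datetime
    state: KeyState = KeyState.ACTIVE


class KeyManager:
    """Server side: keeps a record of every key it ever issued."""

    def __init__(self) -> None:
        self._records: Dict[str, KeyRecord] = {}

    def create(self, key_id: str, material: bytes, lifetime: timedelta,
               now: datetime) -> KeyRecord:
        rec = KeyRecord(key_id, material, now, now + lifetime)
        self._records[key_id] = rec
        return rec

    def destroy(self, key_id: str) -> None:
        # Clear the material but keep the record so other copies can be refused.
        rec = self._records[key_id]
        rec.material = None
        rec.state = KeyState.DESTROYED

    def record(self, key_id: str) -> Optional[KeyRecord]:
        return self._records.get(key_id)

    def may_use(self, key_id: str, now: datetime) -> bool:
        """Policy check a client can ask for before using any copy of a key."""
        rec = self._records.get(key_id)
        if rec is None or rec.state is not KeyState.ACTIVE:
            return False
        return now < rec.expires_at


class CryptoUnit:
    """Client side: caches copies of keys fetched from the key manager.

    The key manager never sees this cache, so expiration is only enforced
    if the unit itself checks expires_at before every use.
    """

    def __init__(self, km: KeyManager, enforce_expiry_locally: bool) -> None:
        self._km = km
        self._cache: Dict[str, KeyRecord] = {}
        self._enforce = enforce_expiry_locally

    def fetch(self, key_id: str, now: datetime) -> None:
        if not self._km.may_use(key_id, now):
            raise PermissionError(f"key manager refused {key_id}")
        # Cache a copy of the record, including its expiration metadata.
        self._cache[key_id] = replace(self._km.record(key_id))

    def use(self, key_id: str, now: datetime) -> bytes:
        rec = self._cache[key_id]
        if self._enforce and now >= rec.expires_at:
            del self._cache[key_id]
            raise PermissionError(f"cached copy of {key_id} has expired")
        return rec.material


def demo() -> Dict[str, bool]:
    """Walk one key through fetch, expiry and destruction; return the outcomes."""
    t0 = datetime(2007, 11, 1, tzinfo=timezone.utc)
    km = KeyManager()
    km.create("k1", b"\x11" * 32, timedelta(hours=1), t0)
    lax = CryptoUnit(km, enforce_expiry_locally=False)
    strict = CryptoUnit(km, enforce_expiry_locally=True)
    lax.fetch("k1", t0)
    strict.fetch("k1", t0)

    later = t0 + timedelta(hours=2)
    out: Dict[str, bool] = {}
    out["km_allows_after_expiry"] = km.may_use("k1", later)       # False
    out["lax_unit_uses_stale_copy"] = lax.use("k1", later) is not None  # True
    try:
        strict.use("k1", later)
        out["strict_unit_refuses"] = False
    except PermissionError:
        out["strict_unit_refuses"] = True                          # True

    km.destroy("k1")
    rec = km.record("k1")
    out["metadata_retained"] = rec is not None and rec.material is None
    out["stray_copy_rejected"] = not km.may_use("k1", t0)         # True
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the lax/strict pair is the one made in the minutes: once a copy of the key sits in the cryptographic unit, the server's 'shall not use after expiration' requirement is only satisfied if the client also carries a matching 'shall' and checks the cached metadata itself. The destroy step shows why retaining metadata is useful even after the material is gone: the manager can still answer "no" for any other copy of that key.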
Larry, Bob Lockhart, and Jon will get together to talk through the states and decide which ones to keep and pitch.
Next meeting in two weeks. Information will be mailed out.
Last Updated ( Thursday, 01 November 2007 )