Encryption Key Management Issues (05-446)

Edling, Dwayne A dwayne.edling at sun.com
Fri Jan 13 11:42:10 PST 2006


* From the T10 Reflector (t10 at t10.org), posted by:
* "Edling, Dwayne A" <dwayne.edling at sun.com>
*


Paul Entzel,


We have the same requirement as IBM for a write encryption key. We can
only hold one write key at a time, so if we receive a second write key
the previous write key will be removed. This is not the case, however,
for read decryption keys. We can hold multiple read decryption keys at
any time.

Best Regards,

Dwayne Edling
Sun Microsystems MS-4274
One StorageTek Drive
Louisville CO 80028
303-661-5299

________________________________

From: owner-t10 at t10.org [mailto:owner-t10 at t10.org] On Behalf Of Kevin D
Butt
Sent: Friday, January 13, 2006 12:04 PM
To: t10 at t10.org
Subject: Encryption Key Management Issues (05-446)



Paul Entzel,

In discussing the Encryption proposal (05-446r1) with my team in light
of the SCOPE field and how many keys can be active in the drive at a
time, we require that there only be one key active at any given time.
So if a new SCOPE is sent down with a new Key, all previous keys need to
be removed.  If there is a need to allow the currently spec'ed behavior
of allowing at least one key for each SCOPE, then we would like to have
it configurable that there is only one key allowed at a time.

Thanks,

Kevin D. Butt
Fibre Channel & SCSI Architect, IBM Tape Firmware,
6TYA, 9000 S. Rita Rd., Tucson, AZ  85744
Tie-line 321; Office: 520-799-5280, Lab: 799-5751, Fax: 799-4138, Email:
kdbutt at us.ibm.com


*
* For T10 Reflector information, send a message with
* 'info t10' (no quotes) in the message body to majordomo at t10.org




