Feeds

Sun wades into key management kerfuffle

Encryption standards soup thickens

Intelligent flash storage arrays

Sun has thrown its open source key management ideas into the key management standards giant brandy glass, offering license-free management that it hopes will become an industry standard.

The generic idea everyone is agreed upon is that encrypting devices using keys should be able to interoperate with any key management system using a standard protocol. Suppliers can then compete with their own encrypting devices and key management products, either proprietary or, as in Sun's case, open source.

There appear to be two main efforts devoted to producing standard protocol to link encrypting devices and key managers: The IEEE 1619.3 committee, said to be focussed on storage-related encryption, and the OASIS Enterprise Key Management Infrastructure (EKMI) technical committee.

There is a third initiative from the Trusted Computing Group devoted to self-encrypting devices and their key management. The TCG says its work is unique and complementary to the OASIS and IEEE efforts.

On February 12 several vendors said they were forming an OASIS Key Management Interface Protocol (KMIP) technical committee, saying that their supported KMIP is ready for adoption and supports a broader set of use cases than both the EMKI set and IEEE 1619.3.

Now Sun has released its own open source KMIP, downloadable from here, and packaged as part of its Open Storage initiative. It says its protocol "is available to customers using the Sun StorageTek KMS 2.0 Key Manager and StorageTek T9840D, T10000A, T10000B tape drives, as well as Sun's HP LTO4 drives shipped in Sun libraries.

"A number of additional partners are developing products based on this protocol, including EMC, whose RSA security division has talked about releasing it as an option on their RKM Key Manager."

IBM's tape drive division is working on supporting this protocol for its LTO4 drive shipped in Sun Libraries. Sun has also shared this protocol with numerous other industry partners including computer OEMs, back up application providers, disk array and switch manufacturers. That doesn't mean anything more than that they've agreed to look at it, though.

This is where the OASIS/Sun intersection gets fun. The OASIS KMIP group constitute EMC, IBM, HP and Thales with Brocade, LSI, NetApp and Seagate joining in too. No Sun though. Sun says it will work with the IEEE 1619.3 group and OASIS "to further develop and formalize the interface as an industry standard".

Sun's statement doesn't say it will actually support the OASIS KMIP effort so we might assume that, nothwithstanding EMC and IBM support of Sun to the extent described above, any OASIS KMIP-compliant key managers and encrypting devices will not necessarily work with Sun KMIP-compliant encrypting devices and key managers. It's enough to make you weep AES-256-encrypted tears. ®

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.