Feeds

Sun wades into key management kerfuffle

Encryption standards soup thickens

The essential guide to IT transformation

Sun has thrown its open source key management ideas into the key management standards giant brandy glass, offering license-free management that it hopes will become an industry standard.

The generic idea everyone is agreed upon is that encrypting devices using keys should be able to interoperate with any key management system using a standard protocol. Suppliers can then compete with their own encrypting devices and key management products, either proprietary or, as in Sun's case, open source.

There appear to be two main efforts devoted to producing standard protocol to link encrypting devices and key managers: The IEEE 1619.3 committee, said to be focussed on storage-related encryption, and the OASIS Enterprise Key Management Infrastructure (EKMI) technical committee.

There is a third initiative from the Trusted Computing Group devoted to self-encrypting devices and their key management. The TCG says its work is unique and complementary to the OASIS and IEEE efforts.

On February 12 several vendors said they were forming an OASIS Key Management Interface Protocol (KMIP) technical committee, saying that their supported KMIP is ready for adoption and supports a broader set of use cases than both the EMKI set and IEEE 1619.3.

Now Sun has released its own open source KMIP, downloadable from here, and packaged as part of its Open Storage initiative. It says its protocol "is available to customers using the Sun StorageTek KMS 2.0 Key Manager and StorageTek T9840D, T10000A, T10000B tape drives, as well as Sun's HP LTO4 drives shipped in Sun libraries.

"A number of additional partners are developing products based on this protocol, including EMC, whose RSA security division has talked about releasing it as an option on their RKM Key Manager."

IBM's tape drive division is working on supporting this protocol for its LTO4 drive shipped in Sun Libraries. Sun has also shared this protocol with numerous other industry partners including computer OEMs, back up application providers, disk array and switch manufacturers. That doesn't mean anything more than that they've agreed to look at it, though.

This is where the OASIS/Sun intersection gets fun. The OASIS KMIP group constitute EMC, IBM, HP and Thales with Brocade, LSI, NetApp and Seagate joining in too. No Sun though. Sun says it will work with the IEEE 1619.3 group and OASIS "to further develop and formalize the interface as an industry standard".

Sun's statement doesn't say it will actually support the OASIS KMIP effort so we might assume that, nothwithstanding EMC and IBM support of Sun to the extent described above, any OASIS KMIP-compliant key managers and encrypting devices will not necessarily work with Sun KMIP-compliant encrypting devices and key managers. It's enough to make you weep AES-256-encrypted tears. ®

5 things you didn’t know about cloud backup

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.