Feeds

Sun wades into key management kerfuffle

Encryption standards soup thickens

Beginner's guide to SSL certificates

Sun has thrown its open source key management ideas into the key management standards giant brandy glass, offering license-free management that it hopes will become an industry standard.

The generic idea everyone is agreed upon is that encrypting devices using keys should be able to interoperate with any key management system using a standard protocol. Suppliers can then compete with their own encrypting devices and key management products, either proprietary or, as in Sun's case, open source.

There appear to be two main efforts devoted to producing standard protocol to link encrypting devices and key managers: The IEEE 1619.3 committee, said to be focussed on storage-related encryption, and the OASIS Enterprise Key Management Infrastructure (EKMI) technical committee.

There is a third initiative from the Trusted Computing Group devoted to self-encrypting devices and their key management. The TCG says its work is unique and complementary to the OASIS and IEEE efforts.

On February 12 several vendors said they were forming an OASIS Key Management Interface Protocol (KMIP) technical committee, saying that their supported KMIP is ready for adoption and supports a broader set of use cases than both the EMKI set and IEEE 1619.3.

Now Sun has released its own open source KMIP, downloadable from here, and packaged as part of its Open Storage initiative. It says its protocol "is available to customers using the Sun StorageTek KMS 2.0 Key Manager and StorageTek T9840D, T10000A, T10000B tape drives, as well as Sun's HP LTO4 drives shipped in Sun libraries.

"A number of additional partners are developing products based on this protocol, including EMC, whose RSA security division has talked about releasing it as an option on their RKM Key Manager."

IBM's tape drive division is working on supporting this protocol for its LTO4 drive shipped in Sun Libraries. Sun has also shared this protocol with numerous other industry partners including computer OEMs, back up application providers, disk array and switch manufacturers. That doesn't mean anything more than that they've agreed to look at it, though.

This is where the OASIS/Sun intersection gets fun. The OASIS KMIP group constitute EMC, IBM, HP and Thales with Brocade, LSI, NetApp and Seagate joining in too. No Sun though. Sun says it will work with the IEEE 1619.3 group and OASIS "to further develop and formalize the interface as an industry standard".

Sun's statement doesn't say it will actually support the OASIS KMIP effort so we might assume that, nothwithstanding EMC and IBM support of Sun to the extent described above, any OASIS KMIP-compliant key managers and encrypting devices will not necessarily work with Sun KMIP-compliant encrypting devices and key managers. It's enough to make you weep AES-256-encrypted tears. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches
CloudPassage points to 'pervasive' threat of Bash bug
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.