Cloud Key Management

  • 1.  CSA to prepare a short Training Guide on Key Management!!

    Posted Feb 25, 2022 01:33:00 AM
    Dear Key Management WG members,

    I'd like to announce that CSA will start working on a study guide related to Cloud Key Management.

    The coming days our working group might need to exchange knowledge and collaborate with the CTO team.

    Please stay tuned!!! Our working group's expertise can help shape the content and make it more effective in educating all interested parties in the Cloud Key Management field.

    Kind regards,
    Marina

    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------


  • 2.  RE: CSA to prepare a short Training Guide on Key Management!!

    Posted Feb 25, 2022 10:17:00 AM
    I'm just wondering if it make sense to explicitly define PKI as part of Key Management?

    ------------------------------
    Ivan Pakhomov
    PA
    CS
    ------------------------------



  • 3.  RE: CSA to prepare a short Training Guide on Key Management!!

    Posted Feb 27, 2022 07:26:00 PM

    Hi Ivan,
    Thanks for the note. Is there a particular document where a definition is made and you would like to see clarification? 

    Thanks,



    ------------------------------
    Paul Rich CIPP/US CIPP/G
    WA
    ------------------------------



  • 4.  RE: CSA to prepare a short Training Guide on Key Management!!

    Posted Feb 28, 2022 01:57:00 AM

    Hi Paul,

    There is a Power Point presentation "CSA Key Managment WG", which has section "Scope" and it move out following

    Out of Scope: Not to make Identity and Access Management (IAM) specifications, and does not intend to supplant IAM adoption or best-practices.

    And I'm thinking in general, it's good to have a Scope definition and include PKI as part of this scope, since I don't think that Asymmetric keys are considered to be used by their own and if we are adding some additional metadata to the public key we have certificate. Also I wasn't able to find WG for PKI, there is a nice group under the NIST and their publication (NIST.SP.1800-16), so in my opinion we shouldn't take care much about PKI basics and approaches, but we should align WG proposals with those "Industry Standards"



    ------------------------------
    Ivan Pakhomov
    PA
    CS
    ------------------------------