A Practical Guide for Proactive Key Management and PQ Readiness Using KMIP (S20c)
This talk will be a practical exploration of how capabilities available in OASIS KMIP for cataloguing and managing cryptographic keys and other security objects can be effectively used as part of a PQC preparedness plan. The talk will walk through how these capabilities can be utilized to deliver security policy management and cryptographic agility, two critical elements that will be needed to plan for and respond to post quantum threats. The last 2 years have seen accelerated efforts by both industry and government to push forward with quantum safe algorithm vetting and preparation activities. Given the nature of some of the new algorithms and the impact these will have on crypto systems – this effort is unsurprising. What is surprising, however, is the apparent lack of focus on assisting organizations in implementing PQC precursor activities, specifically cataloguing their current key and key management state of play – a critical task that must be undertaken before any mapping of a future state can occur. This talk will plug this knowledge gap, by showing how the capabilities within the OASIS Key Management Interoperability Protocol (KMIP), a mature and market proven technology for security object management, can be used as an essential tool in the race to be PQC ready.