An ability to inform a recipient that she should use a key derived from a known pass-phrase (or other shared secret) for multiple encrypted data (or authenticated data) instances
• A single encrypted (authenticated) data instance works with the current approach (PBES2/PBMAC1)
• WS-I also recommends forward cross-referencing in this case
It was felt this should be an extension to XML Enc / XML Dsig rather than PKCS
• Too generic – Derived Key
The current gap causes some issues – e.g. in IETF KEYPROV, which leverages PKCS #5
• Had to define their own Derived Key key type
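
The first requirement above (one key derived from a shared pass-phrase and referenced by several authenticated data instances) can be sketched as follows. This is an added example, not part of the original slides or of any XML Enc / XML Dsig specification; it uses PBKDF2 from PKCS #5 with HMAC-SHA-256, and the dictionary layout, the key name `dk-1` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def describe_derived_key(name, salt, iterations, length=32):
    """Sender: a single description of the derived key, transmitted once.
    The field names are hypothetical, not taken from any specification."""
    return {"name": name, "prf": "sha256", "salt": salt,
            "iterations": iterations, "length": length}

def derive(passphrase, desc):
    """PBKDF2 (PKCS #5) over the shared pass-phrase with the described parameters."""
    return hashlib.pbkdf2_hmac(desc["prf"], passphrase.encode(), desc["salt"],
                               desc["iterations"], dklen=desc["length"])

def authenticate(key, key_name, data):
    """One authenticated data instance: it carries a reference to the
    derived key by name instead of repeating salt and iteration count."""
    return {"key_ref": key_name, "data": data,
            "mac": hmac.new(key, data, hashlib.sha256).digest()}

def verify_all(passphrase, desc, instances):
    """Recipient: derive the key once, then check every instance that references it."""
    key = derive(passphrase, desc)
    results = []
    for inst in instances:
        if inst["key_ref"] != desc["name"]:
            results.append(False)  # refers to a key that was never described
            continue
        expected = hmac.new(key, inst["data"], hashlib.sha256).digest()
        results.append(hmac.compare_digest(expected, inst["mac"]))
    return results

def demo():
    passphrase = "correct horse battery staple"  # constructed sample secret
    desc = describe_derived_key("dk-1", os.urandom(16), 100_000)
    key = derive(passphrase, desc)
    instances = [authenticate(key, "dk-1", b"part one"),
                 authenticate(key, "dk-1", b"part two")]
    tampered = dict(instances[1], data=b"part 2")  # payload altered after MAC
    return verify_all(passphrase, desc, instances + [tampered])

if __name__ == "__main__":
    print(demo())
```
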