An ability to inform a
recipient that she should use a key derived from a known pass-phrase (or
other shared secret) for multiple encrypted data (or authenticated
data) instances
¥A single encrypted
(authenticated) data works with current approach (PBES2/PBMAC1)
¥WS-I also recommends
forward cross-referencing in this case
It was felt this should be
an extension to XML Enc/ XML Dsig rather than PKCS
¥Too generic –
Derived Key
The current gap causes some
issues – e.g. in IETF KEYPROV that leverages PKCS #5
¥Had to define their
own Derived Key key type