#12 Provide Requirements for DRM management of symmetric keys and passphrases
Closed: Fixed None Opened 12 years ago by jmagne.

Recent requirements have created the need to use our current DRM to manage symmetric keys and passphrases. Currently the DRM is used to archive and recover asymmetric private keys. The recovery process is somewhat of a heavyweight process involving Agent approvals and such. That process for the Token Management System is somewhat leaner since no live Agent intervention is required by humans. The following issues are apparent.

  1. How will the keys and phrases be transported to and from the DRM? What will be the packaging?

  2. How will this material actually be stored? The DRM already employs LDAP key records for private keys. Would we simply use a variation on this theme or use a completely different storage mechanism?

  3. How will each symmetric key be uniquely identified? The current method uses its own mapping. How will we do this here?

  4. Changes are afoot in the regular DRM with respect to ECC keys. How will these changes alter any plans to store symmetric keys?

  5. How will the symmetric keys be wrapped and unwrapped during processing?

  6. What kind of performance are we looking for here? In the current world, an archived key recovery can be considered somewhat of a rare operation necessitated by the loss of some data or whatnot. I suspect the retrieval of these symmetric keys might be done more often, based on the use cases.


Had meeting to discuss issues and have started on requirements and design investigations and documentation.

Moving, though Ade and I are basically ironing out final issues with this.

We now have a good handle on this.

Metadata Update from @jmagne:
- Issue assigned to jmagne
- Issue set to the milestone: m2

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/584

If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
