Re: [kmip] RE: [kmip-comment] Issue with KMIP 1.1 Profiles document

[Tim Hudson <tjh@cryptsoft.com>]

On 11/04/2012 6:40 AM, Bruce Rich wrote:

Judy,

The heart of my observation on the profile was that  "The PKCS1 format itself is so raw that you need the context or an attribute to tell you whether it's a public key or private, so asserting that one also needs to support asymmetric RAW format keys begs further definition".

Actually PKCS#1 is a perfectly fine format for both public and private keys - you determine which you have from the elements included in the key - so there is no need for the information to be represented outside of the PKCS#1 formatted value (although it doesn't hurt). I have no idea what RAW means as a format for RSA keys - as I've not seen anything describe it myself.

I suggest that the transparent types and PKCS#1 format should be mandatory for all the current asymmetric profiles - which should probably be renamed as RSA Profiles as that is what they are in essence. I've not seen anyone define non-RSA usage at all with test cases.

We currently treat "RAW" as simply meaning an opaque format which the client better understand how to handle and the server does not process - which is itself a useful (although not particularly interoperable) concept. Perhaps that is what folks had in mind originally.

Tim.