[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [kmip] KMIP Spec v1.2 wd05: Multiple Cryptographic Parameters for a Single Key
|
On Thursday, 4 July 2013 10:33 AM, Tim Hudson wrote: You raised this as a major security issue that absolutely must be dealt with
Once again you are exaggerating. Please show the list where I said that this was a “major security issue that absolutely must be dealt with”. Going
through my emails, this is the essence of what I’ve said: I wonder if anyone else has any concerns about this: I suspect that using the same key in different modes, with different padding methods, and/or with different algorithms would be a security concern. Is this something that we should clarify or fix in v1.2? Should we tighten the rules on Cryptographic Parameters or not? Does anyone else have an opinion on this? If others don’t see an issue, that’s fine. I’m sure that others see issues that I don’t see. We’re all using KMIP in different ways, and we all come
against different challenges in using and interpreting KMIP to ensure maximum interoperability and ensuring that our products are secure enough. Is it just possible that I am looking at applications that use KMIP in different ways to others, and I’m finding
some gaps or lack of clarity because of that? Can we give others a chance to have a say now? John |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]