[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [kmip] More on Clarification of Cryptographic Parameters - Usage Guide
Tim, In your previous arguments – the ones that perhaps swayed people to vote in favour of the crypto operations proposal – you very strongly
asserted that your proposal was strictly in line with the existing “model” for Crypto Parameters. The Usage Guide text going all the way back to 1.0 clearly shows this to be a false assertion. It is possible that the TC may have been inadvertently mislead
to vote in favour of the proposal. Quite independently of the merits of the changes that I propose, they are entirely consistent with CP behaviour for key wrapping
– the closest thing we already have to crypto operations in the standard. It is your proposal that is inconsistent and which I believe needs to be corrected. We continue to correct errors in the standard over time. This sometimes requires deprecation of functionality.
We have an opportunity to get this right now without requiring future deprecation to fix this mistake. The purpose of review is to identify errors – no matter how small or large. I am not convinced that we should “rubber-stamp” bad requirements into the standard
because of a vote based on misinformation. Some of your points require comment: >
the testing of the cryptographic services operations between the vendors who support those operations went smoothly and no issues in relation to Cryptographic Parameters were raised The test cases do not exercise the functionality under question. In fact the test cases exercise a very limited amount of CP functionality.
Stating that interop participants raised no issues for functionality that was not tested as an argument to not fix the CP behaviour in the crypto operations is misleading as well as illogical. > …the referenced document explicitly stated: "If omitted then the Cryptographic Parameters associated with the Managed Cryptographic Object with the lowest Attribute Index SHALL be used. If there are no Cryptographic Parameters associated with the Managed Cryptographic Object and
the algorithm requires parameters then the operation SHALL return with a Result Status of Operation Failed" >
a full majority voted for the proposal Yes indeed: 51% of eligible voters did vote in favour. The remaining 49% voted against or did not vote at all. >
that particular sort of behaviour belongs in a profile - something which to date you … have also asserted (incorrectly) isn't technically possible Are you saying that a profile can specify behaviour that is disallowed by the standard; e.g. if the standard says, “behaviour SHALL
be x”, then a KMIP conformant profile can say, “behaviour SHALL NOT be x”? Or in the context of crypto parameters, “Crypto parameters that conflict with associated crypto parameters SHALL take precedence” – effectively what you have proposed for crypto operations,
can be changed in a profile to say, “Crypto parameters that conflict with associated crypto parameters SHALL result in a FAIL response”. That’s dangerous ground to tread for a standard with an “I” for interoperability in its name. It is certainly not something
that I have ever seen in the hundreds of standards I have worked with in my 35 years of developing and/or implementing standards. John From: kmip@lists.oasis-open.org
[mailto:kmip@lists.oasis-open.org] On Behalf Of Tim Hudson Respectfully John, the behaviour in the specification drafts is the behaviour which was discussed and balloted by the technical committee.
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]