Subject: RE: [kmip] More on Clarification of Cryptographic Parameters - Usage Guide
Tim,

The behaviour you have specified for crypto parameters with crypto operations is different to the behaviour for the wrap function.

Both use crypto parameters specified by the client or associated with the key. If you believe that the new crypto operations CP behaviour is correct, then for consistency, the behaviour for wrap needs to change to match. I believe this would be the wrong thing to do. It would be incompatible with v1.0 and v1.1. And it's something that you have not proposed.

Therefore… If you believe that there should be inconsistent behaviour, you need to argue the case for inconsistency.

To make this clearer, you need to put forward a compelling case for why, for example, when a server wraps a key, the CP provided by the client MUST MATCH the CP (if present) associated with the wrapping key, but in contrast to this, when a server encrypts data, the CP provided by the client IS USED, AND NEED NOT MATCH the CP (if present) associated with the encryption key.

You used a consistency of CP behaviour argument prior to the vote for the crypto operations proposal into the standards work, but the Usage Guide text, and example above, clearly show that your argument was wrong. Your proposal is clearly inconsistent, therefore the argument you used prior to the vote is invalid – in fact, misleading. The proposed new crypto operations behaviour is not consistent with usage of crypto parameters by the server for wrap, or recommended for clients when they perform other crypto operations themselves.

The behaviour that I have proposed is consistent with the server wrap behaviour, and client crypto operations behaviour. It is sensible behaviour. It is secure behaviour. It is consistent with the text in the Usage Guide since 1.0.

Finally, I think you are confusing management of crypto parameters with usage of crypto parameters. I am not proposing any changes to the management of crypto parameters. This remains exactly as it has always been. The client can add, modify, and delete crypto parameters. Cryptographic operations are not meant to be used for managing crypto parameters. Crypto operations use crypto parameters. This is an important difference, and one that can be easy to miss when insufficient rigour is applied in proposing and reviewing behaviour.

John

From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Tim Hudson

On 26/07/2013 10:47 AM, John Leiseboer wrote:
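The two server behaviours contrasted in the message above, side by side, as an added example that is not part of the original e-mail or of the KMIP specification. It assumes a single Cryptographic Parameters instance per key and treats "match" as field-by-field equality; the class, function names and sample values are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class CryptoParams:
    """Simplified model of a KMIP Cryptographic Parameters attribute."""
    block_cipher_mode: Optional[str] = None
    padding_method: Optional[str] = None
    hashing_algorithm: Optional[str] = None


class ParameterMismatch(Exception):
    """Client-supplied CP conflicts with the CP stored on the key."""


def resolve_must_match(client_cp, key_cp):
    """Wrap-style rule: a client CP must equal the key's CP when one is present."""
    if client_cp is None and key_cp is None:
        raise ValueError("no cryptographic parameters available")
    if client_cp is None:
        return key_cp
    # Assumption: "match" means equality of every field.
    if key_cp is not None and client_cp != key_cp:
        raise ParameterMismatch(f"client {client_cp} != key {key_cp}")
    return client_cp


def resolve_client_used(client_cp, key_cp):
    """Contrasting rule: a client CP is used as given and need not match."""
    chosen = client_cp if client_cp is not None else key_cp
    if chosen is None:
        raise ValueError("no cryptographic parameters available")
    return chosen


def compare(client_cp, key_cp):
    """Return (must_match_result, client_used_result); 'REJECTED' marks a refusal."""
    try:
        strict = resolve_must_match(client_cp, key_cp)
    except ParameterMismatch:
        strict = "REJECTED"
    return strict, resolve_client_used(client_cp, key_cp)


# Constructed sample values, not taken from the thread.
KEY_CP = CryptoParams(block_cipher_mode="CBC", padding_method="PKCS5")
CLIENT_CP = CryptoParams(block_cipher_mode="ECB", padding_method="None")

if __name__ == "__main__":
    for client in (None, KEY_CP, CLIENT_CP):
        print(client, "->", compare(client, KEY_CP))
```

The two rules agree whenever the client sends no CP or sends the key's own CP; they diverge only when the client's CP differs from the one stored on the key.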