OASIS Mailing List Archives


kmip message



Subject: RE: [kmip] Destroying an Active object


> The NIST model explicitly disallowed moving directly from Active to Destroyed states - as do conforming KMIP implementations (there are test cases covering precisely this context).

This is correct for the general case, but as I have stated before, it is not correct for all key types. Here is what NIST SP800-57 Part 1 (revised2 mar08-2007) says:


7.3 States and Transitions for Asymmetric Keys

The preceding discussion of key states and transitions applies to both symmetric and asymmetric keys; however, some observations that are specific to asymmetric keys are in order.

Asymmetric keys that are or will be certified are in the pre-activation state until certified or until the "not before" date specified in a certificate has passed. The types of transitions for asymmetric keys depend on the key type. Examples of transitions follow:

a. A private signature key is not retained in the deactivated state, but transitions immediately to the destroyed state.

b. A private signature key transitioning from the active state to the compromised state is not retained in that state, but transitions immediately to the destroyed-compromised state unless retention is required for legal purposes.

c. A public signature verification key may transition to the deactivated state at the end of the corresponding private key's cryptoperiod. The public signature verification key enters the compromised state if its integrity becomes suspect. However, public signature verification keys need not be destroyed.

d. A public key transport key transitioning from the active state is not retained in the deactivated state, but transitions immediately to the destroyed state. It enters the compromised state only when its integrity is suspect.

e. Private and public key agreement keys transitioning from the active state are not retained in the deactivated state, but transition immediately to the destroyed state.


Note paragraphs a, d, and e - these keys do immediately transition from the active state to the destroyed state.

Regards,
John
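To make the distinction in this exchange concrete, here is an added illustration (not code from the thread or from any KMIP implementation) of a key-lifecycle state machine: the generic SP 800-57 transitions reject a direct Active to Destroyed move, while the key types named in paragraphs a, b, d and e pass through Deactivated or Compromised without resting there. The key-type names and the `legal_hold` flag are assumptions of this example.

```python
from enum import Enum


class State(Enum):
    PRE_ACTIVATION = "pre-activation"
    ACTIVE = "active"
    DEACTIVATED = "deactivated"
    COMPROMISED = "compromised"
    DESTROYED = "destroyed"
    DESTROYED_COMPROMISED = "destroyed-compromised"


# Generic SP 800-57 state graph: (current state, event) -> next state.
# There is deliberately no (ACTIVE, "destroy") edge: in the general case
# a key must pass through Deactivated or Compromised before destruction.
GENERIC = {
    (State.PRE_ACTIVATION, "activate"): State.ACTIVE,
    (State.PRE_ACTIVATION, "destroy"): State.DESTROYED,
    (State.ACTIVE, "deactivate"): State.DEACTIVATED,
    (State.ACTIVE, "compromise"): State.COMPROMISED,
    (State.DEACTIVATED, "destroy"): State.DESTROYED,
    (State.DEACTIVATED, "compromise"): State.COMPROMISED,
    (State.COMPROMISED, "destroy"): State.DESTROYED_COMPROMISED,
    (State.DESTROYED, "compromise"): State.DESTROYED_COMPROMISED,
}

# Key-type names are assumptions of this example. Paragraphs a, d and e:
# these types are not retained in Deactivated, so deactivation (or a destroy
# request while Active) lands directly in Destroyed.
NO_DEACTIVATED_REST = {"private-signature", "public-key-transport",
                       "private-key-agreement", "public-key-agreement"}
# Paragraph b: not retained in Compromised unless a legal hold applies.
NO_COMPROMISED_REST = {"private-signature"}


def transition(key_type, state, event, legal_hold=False):
    """Return the resting state after `event`, or None if it is not permitted."""
    if state is State.ACTIVE and event == "destroy" and key_type in NO_DEACTIVATED_REST:
        return State.DESTROYED  # the Active -> Destroyed case argued in the thread
    nxt = GENERIC.get((state, event))
    if nxt is State.DEACTIVATED and key_type in NO_DEACTIVATED_REST:
        nxt = State.DESTROYED  # fall through; Deactivated is not a resting state
    if (nxt is State.COMPROMISED and state is State.ACTIVE
            and key_type in NO_COMPROMISED_REST and not legal_hold):
        nxt = State.DESTROYED_COMPROMISED  # fall through; Compromised is not a resting state
    return nxt
```

A server enforcing the generic graph alone would reject the destroy request that the private-signature branch accepts here, which is exactly the conformance disagreement the thread is about.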


