Issue with TC-REKEY-12-21

[Mark Joseph <mark@p6r.com>]

In the request message below the attributes Rotate Latest and Rotate Generation are being set by the client.   

However, in the KMIP 2.1 specification for both attributes the client cannot set or modify these attributes.

So is the test or specification wrong?

SHALL always have a value    No

Initially set by                        Server

Modifiable by server              No 

Modifiable by client               No 

Deletable by client                 No 

Multiple instances permitted No 

When implicitly set                When object is rotated

Applies to Object Types        All Objects

<RequestMessage>

  <RequestHeader>

    <ProtocolVersion>

      <ProtocolVersionMajor type="Integer" value="2"/>

      <ProtocolVersionMinor type="Integer" value="1"/>

    </ProtocolVersion>

    <ClientCorrelationValue type="TextString" value="TC-REKEY-12-21 step=2"/>

    <BatchCount type="Integer" value="1"/>

  </RequestHeader>

  <BatchItem>

    <Operation type="Enumeration" value="Certify"/>

    <RequestPayload>

      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_0"/>

      <CertificateRequestType type="Enumeration" value="PKCS_10"/>

      <CertificateRequest type="ByteString" value="3082028130820169020100303c310b30090 .... 92a864886f70d01010105000382010f003082010a0bdb04d21c82ba6"/>

      <Attributes>

        <RotateName>

          <RotateNameValue type="TextString" value="TC-REKEY-12-21-Rotate-Name"/>

          <RotateNameType type="Enumeration" value="UninterpretedTextString"/>

        </RotateName>

        <RotateLatest type="Boolean" value="true"/>

        <RotateGeneration type="Integer" value="0"/>

        <CryptographicUsageMask type="Integer" value="Verify Sign"/>

      </Attributes>

    </RequestPayload>

  </BatchItem>

</RequestMessage>

Best,

Mark Joseph

P6R, Inc

408-205-0361