OASIS Mailing List Archives

kmip-comment message


Subject: Revoking opaque objects


Hello,

I had a question about revoking and the state of opaque objects. I understand that opaque objects can be revoked, but it doesn't specifically say whether or not they can only be revoked with a reason of compromised (via 'key compromise' or 'CA compromise' reasons as per v1.3) or if they can also be revoked with other revocation reasons as well. However, if they are revoked with other revocation reasons, the spec suggests to place the object in a deactivated state, and to set the deactivation date. Under Appendix B. Attribute Cross-Reference, it seems that the Deactivation Date applies to opaque objects, but that State does not. However, in 3.27, it states that the Deactivation Date applies to "All Cryptographic Objects, Templates" and in 3.22, it states that the State applies to "All Cryptographic Objects". The sections for Compromise Occurrence Date, Compromise Date, and Revocation Reason all seem to apply to opaque objects, both in 3.* and in the appendix.

Basically, to summarize:

  • Can opaque objects be revoked with a revocation reason other than 'key compromise' or 'CA compromise'?
  • If they can, is the deactivation date for that object set? Is the state set to deactivated?
  • If an opaque object is revoked or destroyed, is the state set in these cases?

Thanks for your time and help,

Alex Abell


