OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

kmip message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [kmip] Re: Groups - oasis - Ballot "Straw poll on whether to allow "mutating attributes" in KMIP V1.0." has closed

On the subject of mutations - one important reason to allow them is to
simplify key requests.

In the original design, the assumption was made was that the server was
complex and had full knowledge of the state of each key, while the
clients were relatively simple.

The intention was to reduce the number messages required to complete any

If the server is not allowed to mutate the attributes requested by a
client we risk getting into a Dr Seuss situation where the client plays
the part of Sam and has to ask repeated questions until it gets the
answer right.

Allowing the server to mutate the request means that if for instance the
client requests a key and asks to be allowed to encrypt 1000 blocks but
the server knows that it has only 500 blocks left - we had two options:

- either return an error, hopefully with the maximum allowed value so
the client does not have to make repeated guesses.

- return the key with a note that it an only be used for 500 blocks.

Applying Occam's razor we went for the second option, to save a round trip.

When registering a key, if the client requests a lifetime that is
plainly wrong, for example suggesting a Triple DES key be used to
encrypt a Peta byte - the server needs to be able to correct this to a
sensible value.

Again it could reject the initial request and suggest correct values -
but again this just causes traffic. Alternatively it can register the
key and return the acceptable values.

Of course, if it is presented with a 3DES key it cannot register this as
an AES key - and if there is a policy that all keys be AES the server
has no option but to reject the key. If in this case the client cannot
use AES keys, there is a significant problem that no protocol can solve.

We should bear in mind that KMIP is only the server to client protocol -
not the complete server implementation. We must assume that if the
administrator attempts to enforce an AES only rule having registered
3DES only clients then the server will inform them that there is a

Marcus Streets
Security Standards Officer

THALES Information Systems Security
nCipher product line

T:  +44 (0) 0123 723613 (Direct)
F:  +44 (0) 0123 723601
E:  Marcus.Streets@thales-esecurity.com
W:  www.ncipher.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]