kmip message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Document uploaded for symmetric key profile
- From: Bruce Rich <brich@us.ibm.com>
- To: kmip@lists.oasis-open.org
- Date: Mon, 17 Aug 2009 10:51:53 -0500
I have just uploaded a first draft of
a Basic Symmetric Keyserver Conformance profile.
I took some liberties with the initial Conformance proposal, a summary
of which is
1) I modified the Conformance proposal by deleting the Server and Client
columns, and replacing the Required/Optional/Not Supported with just a
checkmark for Required.
2) I added in the detail section that profiles may only do subsets of the
enumerated types. Doing all of them is a daunting challenge.
Then I tried to pick some reasonable items for a base server. It
doesn't support asynchronous ops, archive or restore. It also doesn't
support for Templates, as that is a bit of a nicety.
I allowed Re-key, but not DeriveKey. And I left off key wrapping,
as that is a huge source of complexity (although I did include in the Cryptographic
Parameters subsets which might be training-wheels versions of such capability).
It doesn't support certificates, except in the SSL/https authentication.
I was also thinking that there would be a parallel profile for asymmetric
keys and certificates. (Volunteers,
anyone?)
And then one could combine these profiles to say that your server fits
both of these profiles, etc.
My thanks to the TC members who commented
on earlier drafts offline, and my apologies if I didn't capture everything
correctly.
Bruce A Rich
brich at-sign us dot ibm dot com
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]