

Subject: RE: [kmip] Broader View of Conformance



Steve, you may be in the minority, but I'm inclined to agree with you.  The required commonality among implementations could come down to this, in a minimalist view:

- Common protocols so that all clients and servers know how to send and receive messages to each other.
- Messages that allow a client to query a server to see if it supports features that client wants to use.

(of course, if we expand to cover server-to-server that second point would also apply there.)

I really don't see the scenario where a client tries to use a server that is not intended for its use.  Why would my client device be expecting a given server to provide it keys or other responses if that server was not intended for use in that application?  This is not all that much different from SSL, where one party can see if the other supports any ciphersuite from an acceptable set - and if not, the first party can choose not to talk to that server.

-------------------------------------------------------------------
Todd W. Arnold, STSM
IBM Cryptographic Technology Development
(704) 594-8253   FAX 594-8336
-------------------------------------------------------------------
email:  arnoldt@us.ibm.com



From: "Wierenga, Steven" <steve.wierenga@hp.com>
To: Bruce Rich/Austin/IBM@IBMUS, "Jay.Jacobs" <Jay.Jacobs@target.com>
Cc: "kmip@lists.oasis-open.org" <kmip@lists.oasis-open.org>, "Fitzgerald, Indra" <indra.fitzgerald@hp.com>
Date: 08/26/2009 12:45 AM
Subject: RE: [kmip] Broader View of Conformance





Bruce, Jay,
I could be in a small minority here, but I believe the sole minimum/base requirement for client-server interoperability should be a common messaging protocol, without requiring any specific cryptographic operations, objects, or attributes.  Any particular subset of algorithms, operations, structures, and metadata will apply in a particular usage domain, but not others.  And, accepted cryptographic algorithms and key sizes will change over time.
 
If clients can be guaranteed of some minimum server communication and "query server" capabilities (perhaps at the level of, what are the other server-supported profiles), they can easily determine whether server support for the client's intended use cases is available.  But, if common baseline messaging and server query are not mandated in the base profile, then even this level of interop is not guaranteed.
 
Regards,
Steve Wierenga
HP
