KMIP as a TTLV message format only...

["Lockhart, Robert" <Robert.Lockhart@thalesesec.com>]

All,

I was looking through the Profiles v1.1 draft 02 and realized we were still requiring IP and TLS.  I was hoping we could start to remove them as an requirement unless using TCP/IP as the transport and network layer protocols respectively.

This is something that concerns T11 which may not have TCP/IP available to the end point and X9 who do not use TLS for their link encryption (I don't think they support AES yet either but are still using 3DES for most symmetric operations).  While most servers will sit on IP networks the clients may not and by keeping the normative to only the TTLV messaging portions with TLS as a requirement for when using TCP/IP, we allow other organizations better control of their own datalink, network and tranport (layer 2, 3 & 4) protocols.

Is there some way to consider this for 1.1 so as to allow for potentially more outside profile development for KMIP 1.1 and later?  It may be opening a can of worms but if we can make recommendations versus SHALL statements for this I think it will ease adoption.

Comments are greatly appreciated but please keep the caliber of the bullets to small bore if possible.

Bob L.

Robert A. (Bob) Lockhart
Senior Solutions Architect
THALES Information Systems Security