
Subject: RE: [kmip] Groups - Cryptographic Length of Certificates Proposal (KMIPCertificateLengthProposal.doc) uploaded

The alternative proposal from what I posted yesterday would be to define a new attribute -- Certificate Length -- and have that carry the length of the certificate. Cryptographic Length would then be restricted to only apply to keys. So there would be no Cryptographic Length associated with the Certificate, but there would be a Cryptographic Length associated with the Public Key associated (linked) with the Certificate. I went with the simpler approach of just trying to repurpose the Cryptographic Length for both Certificates and Keys, but can submit the alternative proposal if that is what the TC wants. We can discuss this on the Thursday call.


Other responses to your comments below….




From: Tim Hudson [mailto:tjh@cryptsoft.com]
Sent: Sunday, July 24, 2011 6:14 PM
To: Furlong, Judith
Cc: kmip@lists.oasis-open.org
Subject: Re: [kmip] Groups - Cryptographic Length of Certificates Proposal (KMIPCertificateLengthProposal.doc) uploaded


"For keys, Cryptographic Length is the length in bits of the clear-text cryptographic key material of the Managed Cryptographic Object. For certificates, Cryptographic Length is the length in bits of the encoded Certificate Managed Cryptographic Object."

There are three issues with this:
- one, the definition for keys is actually interpreted differently by different implementations for DES keys - does this include or not include the parity bits?
  (I know this isn't part of Judy's change - but it is something to get sorted out if we are changing this section)

[JAF] Ok sounds like we need additional clarification of Cryptographic Length

- what is the purpose of making this length be specified in bits?

[JAF] What other unit of length would you suggest?  Bytes? Or leaving the Length unit unspecified?

- what purpose does it serve to have this just specified as the length of the encoded certificate - that is not "cryptographic" - and the certificate value has a length in its encoding.

[JAF] KMIP defines Certificates as Cryptographic Managed Objects.  I do agree that the certificate contains more than cryptographic materials (e.g. the public key and the signature) but I wouldn't say that a certificate is not cryptographic at all.

Yes, the certificate has a length within the encoding, but KMIP doesn't rely upon info inside the encoded managed object --- it has to be parsed and pulled out and placed in an attribute. So if we want the length of the certificate then we need to pull that out and specify it.

I can see a use in this matching "Cryptographic Length" of the public key contained within the certificate.

[JAF] The Public Key will be linked to the Certificate and that will have the Cryptographic Length of the key

