OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

kmip message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Digest attribute clarification


Some questions and concerns have come up regarding the Digest attribute. We discussed the topic on last week's interop call, but it seems that this is an issue for the whole TC.

It is unclear how to calculate the Digest value for a key where the Key Material is a structure, e.g. for transparent keys.

A client may currently register an RSA private key in transparent form on a server, and the server may calculate the digest on e.g. the PKCS#1 byte string representation of the key or the TTLV-encoded Key Material structure of the key. From an interoperability perspective the result should be predictable. A Key Format Type field could be added to the Digest attribute, and if the key format type indicates that the Key Material is a Structure, then we could require the Digest to be calculated on the TTLV-encoding of the Key Material structure.

Aspects to consider are also how the digest is to be used. If it is only for server-internal use (e.g. not allowing more than one copies of the same key in the system), then there might not be a need to specify this further in the protocol. If we want a key registered on two systems to have the same digest, something more is needed. And what if the same key is registered in two different format, should the digest still be the same?

Actual use-cases for the Digest attribute would be very helpful in clarifying the behavior and functionality of the attribute.

Best Regards,

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]