Subject: RE: [kmip] Groups - Proposal for change to conformance language in KMIP Profiles (kmip profiles conformance proposal 5sep11.pdf) modified
From the proposal: "Enable Discover Version to be used without requiring channel confidentiality, channel authenticity and client and server authentication."

What are the reasons for this proposal? What benefits are there in supporting an insecure message exchange between KMIP clients and servers?

If the channel and server are not trusted, then how is it possible for the client to trust the response? If the response cannot be trusted, then what use is it?

From implementation, security, and maintenance points of view, I'd rather not be required to introduce an insecure mode of operation in my server to comply with this proposal unless there are clear and compelling reasons and/or benefits for doing this.

-- John

----------------------------------------------------------------
John Leiseboer                    QuintessenceLabs Pty Ltd
Chief Technology Officer          Suite 23, Physics Building #38
P: +61 7 5494 9291                Science Road
F: +61 2 6125 7180                Australian National University
M: +61 409 487 510                Acton, ACT 0200 Australia
mailto:jl@quintessencelabs.com    www.quintessencelabs.com
----------------------------------------------------------------