OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

kmip message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [kmip] Groups - Proposal for change to conformance language in KMIP Profiles (kmip profiles conformance proposal 5sep11.pdf) modified


> I believe this was the case for query in v1.0. But we can certainly
> discuss in the call on thursday.


Not quite. Version 1.0 says:

"This authentication set stipulates that a KMIP client and server SHALL
use TLS to negotiate a mutually authenticated connection with the
exception of the Query operation. The query operation SHALL NOT require
the client to provide assurance of its authenticity."

This only says that the client need not be authenticated. If I
understand correctly the server must still be authenticated, and the
channel must still be encrypted.

The proposal for v1.1 goes much further: neither client nor server
require authentication, the channel does not require confidentiality,
and does not require integrity checking. I doubt that this is not what
you intended.

John


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]