
kmip message


Subject: Last Open PKI Related Item for KMIP v1.1

There is one item outstanding from the list of asymmetric key and certificate related items discussed at the F2F -- namely how to deal with the fact that the certificate related fields contained in the Certificate Identifier, Certificate Subject and Certificate Issuer attributes are encoded as Text String within v1.0, but they are derived from fields within X.509 or PGP which are ASN.1 or Octet encoded.

There are now two alternative proposals for how to deal with this in KMIP v1.1.

The initial proposal which was last updated on 18 August 2011 provided guidance for how to convert from the fields in the certificate to the required Text String.  That proposal (KMIP v.1.1 Updates for Converting Certificate Encoded Values to Text Strings) may be found at this link:

The alternative proposal was submitted today (October 5, 2011) and recommends that the data type of the fields in question be changed from text string to byte string so that the value from the certificate could be used without conversion.  This proposal (KMIP v.1.1 Proposal for Changing Data Type of Certificate Attribute Related Fields from Text Strings to Byte Strings) may be found at this link:

Please review the two proposals in preparation for a discussion during the KMIP TC call tomorrow.  I also encourage questions or comments on either proposal via the reflector.


P.S. In creating the second proposal I discovered that the Serial Number field was also used in the recently added Device Credential. Not wanting to impose the Byte String change on this use of 'serial number', I have renamed the 'serial number' associated with certificates to 'Certificate Serial Number' in the proposal. The 'Serial Number' field would remain as Text String encoded and would be used with Device Credential. I would recommend that we rename it to 'Device Serial Number' prior to publication.

Judith Furlong | Consultant Product Manager | EMC Product Security Office | RSA, The Security Division of EMC | office: +1 508 249 3698 | email: Judith.Furlong@emc.com<mailto:Furlong_Judith@emc.com>
