kmip message

Subject: Re: [kmip] Groups - kmip-https-profile-v1.0-wd04.pdf uploaded

From: Tim Hudson <tjh@cryptsoft.com>
To: John Leiseboer <jl@quintessencelabs.com>
Date: Fri, 27 Jul 2012 08:43:34 +1000

 If a user elects to enable KMIP/HTTPS and disable KMIP/TTLV must either
 a. Disallow the user from configuring port 5696 for KMIP/HTTPS, or
 b. Override user's wishes and enable KMIP/TTLV on port 5696


Rubbish.

The server can simply note that the user is electing to run in a non-conforming mode (and warn the user and require confirmation or simple allow it or deny it - entirely depending on the vendors views on how that should be treated).

This is exactly what is done when vendors offer FIPS140 support and a customer elects to use an algorithm that is not allowed under FIPS140.

You can do it - but you simply cannot claim to be in a conforming state when that is done.

Tim.

Follow-Ups:
- RE: [kmip] Groups - kmip-https-profile-v1.0-wd04.pdf uploaded
  - From: John Leiseboer <jl@quintessencelabs.com>

References:
- RE: [kmip] Groups - kmip-https-profile-v1.0-wd04.pdf uploaded
  - From: John Leiseboer <jl@quintessencelabs.com>
- RE: [kmip] Groups - kmip-https-profile-v1.0-wd04.pdf uploaded
  - From: John Leiseboer <jl@quintessencelabs.com>
- Re: [kmip] Groups - kmip-https-profile-v1.0-wd04.pdf uploaded
  - From: Tim Hudson <tjh@cryptsoft.com>
- RE: [kmip] Groups - kmip-https-profile-v1.0-wd04.pdf uploaded
  - From: John Leiseboer <jl@quintessencelabs.com>