Re: [kmip] Groups - Get Random Proposal - Marked up specification - changes only uploaded

[Tim Hudson <tjh@cryptsoft.com>]

Conceptually modelling random (or any other cryptographic related
non-persistent operation) as a managed objects basically does not fit
within the KMIP view of what a managed object actually is. I've made
this point previously in emails and on the various calls and I'm not the
only person who has expressed that view.

Technically it can be done, but technically you also could add Random as
an action off the Query Operation but wouldn't be keeping within the
KMIP view of things. Arguing that you can pin additional application
state against managed objects as associated attributes isn't a sensible
argument to make to justify selecting being a managed object as the
approach to take. Nor is suggesting that because it is a managed object
then Notify and Put could be handy to communication application state
between systems.

If you want Create Random returning a managed object then the same
arguments you have used would apply equally to Create Encryption, Create
Decryption, Create Signing, Create Verifying, Create MACing, Create
MACVerifying as all of those could be modelled as managed objects. We
would then need to add in addition arguments to the Get operation to
support the different semantics required.

Conceptually all of these items covered under cryptographic services are
about things which are fundamentally different to those of the managed
objects we already have in KMIP.

We have yet to hear from anyone else who shares the view or approach you
are suggesting. If there is anyone who agrees with the approach of
modelling transient cryptographic operations as managed objects or sees
that the use case you view as critical to address needs to be addressed
within KMIP they need to speak up.

Tim.