

Subject: RE: [kmip] Groups - cryptographic-services-usage-guide-v1.docx uploaded


I was hoping to see text suitable for inclusion in Sections 2 and 3 of the Usage Guide: assumptions that underlie the KMIP protocol, and guidance on using the functionality, respectively. The proposed text reads more like an attempt to justify the new crypto services operations rather than provide useful guidance, explanation or clarification.

 

Text addressing the following might provide more value:

 

That a client cannot depend on a KMIP server protecting against another client seeding a single-instance, whole-of-server RNG is important information that should go into Section 2. As a user of KMIP, I would hope to see this sort of information clearly presented so that I can make decisions on how to use KMIP securely in an application, identify potential issues, and frame questions for vendors of KMIP products. The current wording on this topic (last paragraph of "Cryptographic services (usage guide text)") leaves it to the reader to work out the issues, and, in my opinion, does not go far enough in identifying the possible security issues that a compliant server could exhibit.

 

Guidance on how to use the attributes, and precedence treatment of attributes with crypto operations, would be useful in Section 3. Recommendations on how algorithms, modes of operation, and other security-relevant attributes can be used, and overridden or not overridden by clients, would be of value. That security issues could arise from clients overriding the attributes of a managed cryptographic object should be stated, and reasons provided as to when and why clients should be allowed to instruct the server to use the client's provided attributes rather than the actual object attributes managed by the server.

 

John

 

From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Tim Hudson
Sent: Thursday, 23 May 2013 7:00 AM
To: kmip@lists.oasis-open.org
Subject: [kmip] Groups - cryptographic-services-usage-guide-v1.docx uploaded

 

Document Name: cryptographic-services-usage-guide-v1.docx


Description
Proposed Usage Guide text for Cryptographic Services


Submitter: Tim Hudson
Group: OASIS Key Management Interoperability Protocol (KMIP) TC
Folder: Drafts
Date submitted: 2013-05-22 13:59:27

 


