OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

kmip message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [kmip] KMIP Spec v1.2 wd05: Multiple Cryptographic Parameters for a Single Key

On Tuesday, 2 July 2013 12:38 PM (AEST), Tim Hudson wrote:
>On 2/07/2013 11:51 AM, John Leiseboer wrote:
>> Another interpretation that we could apply is that multiple
>> instances of the Attribute Object are permitted, but that
>> fields SHALL not be repeated in each instance.
> There simply is nothing within the specification to support that
> interpretation. Could you locate some text to support that anywhere in
> the specification?
No, you misunderstand me. I am not saying there is anything in the
specification that could be literally interpreted this way. In your
response, you've edited out the bit where I said what the literal
interpretation most likely would be. (And I'm sure that your
interpretation matches that too given your response.)

What I am asking, is if the TC should consider changing the
specification to have this alternative interpretation.

> If you can locate such text (which I haven't seen) then the text would
> clash with the examples (which I know are however non-normative) in the
> usage guide and with common sense usage too (see the example in the
> usage guide).
I think the only possible clash with Usage Guide examples would be with
the key wrapping text in section 4.2. All the other examples in the
Usage Guide that I can find, only show a single instance of the
Cryptographic Parameters Attribute Object.

> In addition, this whole area remains unchanged since the initial
> contribution which went on to form KMIP 1.0. That doesn't mean it
> shouldn't change, but absent a clearly demonstrated interoperability
> issue we haven't made fundamental changes to KMIP other than addition of
> functionality.
Do we have test cases that exercise this functionality? We didn't in
1.0 or 1.1 as far as I'm aware. Even the 1.1 Key Wrap test cases did not
specify keys with multiple Cryptographic Parameters instances (just to
link back to the Usage Guide comments above). Perhaps we haven't seen
interop issues because we simply haven't got test cases, or there aren't
implementations that actually instantiate multiple Cryptographic
Parameters Attribute Objects with different field values?

The easiest way to not find interoperability issues, is to not test for
them.

John

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]