kmip message

Subject: RE: [kmip] NIST SP800-57 Part 1 - Normative Reference

From: Michael Stevens <MS@quintessencelabs.com>
To: "kmip@lists.oasis-open.org" <kmip@lists.oasis-open.org>
Date: Thu, 8 Aug 2013 20:46:21 +0000

> The discussion at the time (in the face to face and prior and subsequently) was
> on whether or not it is a requirement for a KMIP server to automatically revoke
> a public key managed object when a private key managed object is revoked. 

To clarify: The problem is not that a KMIP server is required to revoke. The problem is that AKLC-M-3 requires that the KMIP server NOT revoke. A server that does revoke the public key will not return "Preactive" when the state is checked at time 7. This is not listed as an acceptable deviation. 

The consensus of the group was that for a KMIP server to automatically revoke was not required. The behaviour described by the test case is that for a KMIP server to automatically revoke is forbidden.

-- Michael

Follow-Ups:
- Re: [kmip] NIST SP800-57 Part 1 - Normative Reference
  - From: Tim Hudson <tjh@cryptsoft.com>

References:
- NIST SP800-57 Part 1 - Normative Reference
  - From: John Leiseboer <JL@quintessencelabs.com>
- Re: [kmip] NIST SP800-57 Part 1 - Normative Reference
  - From: Tim Hudson <tjh@cryptsoft.com>