

Subject: RE: [kmip] NIST SP800-57 Part 1 - Normative Reference


> Thanks for confirming this email thread is about that particular issue and not
> some other (unstated) one - it was entirely unclear what the context was from
> John's initial email.
> 
Another issue is that SP800-57 states:
> A private signature key shall not be retained in the deactivated state, but transition
> immediately to the destroyed state.

The test case, however, requires the server to hold on to a private signature key in the deactivated state in the interval between the revoke and the destroy request. A minimal change to avoid any interop issues here is to change the cryptographic usage mask from Sign to some other usage, such as key transport.

To clarify our position, the objection is not that the key lifecycle profile outlines non-interoperable behaviour like failing to revoke a public key on compromise of the private key. The objection is that this non-interoperable behaviour is listed as mandatory.

-- Michael
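As an added illustration (not part of this thread, and not KMIP's or any server's own code), a small Python model of the lifecycle check discussed above: it walks the test case's revoke-then-destroy sequence and flags the SP800-57 rule for a key whose usage mask includes Sign, while the same sequence passes once the mask is changed to key transport. The state names and transition table are a simplified version of the KMIP state model, Revoke is assumed to land in Deactivated as in the test case, and the usage-mask bit values are assumed rather than the spec's.

```python
from enum import Enum, Flag, auto


class State(Enum):
    PRE_ACTIVE = "Pre-Active"
    ACTIVE = "Active"
    DEACTIVATED = "Deactivated"
    COMPROMISED = "Compromised"
    DESTROYED = "Destroyed"


class Usage(Flag):
    # Subset of the KMIP Cryptographic Usage Mask; bit values are assumed,
    # not the ones assigned by the specification.
    SIGN = auto()
    VERIFY = auto()
    ENCRYPT = auto()
    DECRYPT = auto()
    WRAP_KEY = auto()
    UNWRAP_KEY = auto()


KEY_TRANSPORT = Usage.WRAP_KEY | Usage.UNWRAP_KEY

# Simplified lifecycle transitions: which states a key may move to next.
TRANSITIONS = {
    State.PRE_ACTIVE: {State.ACTIVE, State.DESTROYED, State.COMPROMISED},
    State.ACTIVE: {State.DEACTIVATED, State.COMPROMISED},
    State.DEACTIVATED: {State.DESTROYED, State.COMPROMISED},
    State.COMPROMISED: {State.DESTROYED},
    State.DESTROYED: set(),
}


def check_transition(usage, current, target):
    """Return (ok, reason) for one state change, applying the SP800-57 rule
    that a private signature key must not rest in the Deactivated state."""
    if target not in TRANSITIONS[current]:
        return False, f"{current.value} -> {target.value} is not a lifecycle transition"
    if Usage.SIGN in usage and target is State.DEACTIVATED:
        return False, "private signature key must go straight to Destroyed (SP800-57 Part 1)"
    return True, ""


def run_sequence(usage, operations, start=State.ACTIVE):
    """Apply Revoke/Destroy requests in order (Revoke assumed to mean
    Deactivated here) and collect every rule violation along the way."""
    state, violations = start, []
    for op in operations:
        target = State.DEACTIVATED if op == "Revoke" else State.DESTROYED
        ok, reason = check_transition(usage, state, target)
        if not ok:
            violations.append(f"{op}: {reason}")
        state = target  # advance anyway, as the test case's server would
    return state, violations
```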