OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

kmip message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: KMIP Suite B Profile Version 1.0

Sorry if this this was discussed in concalls, I am still on leave of absence, but did find some issues while looking through this profile that I noted has gone to ballot.


SBS-M-1 and SBS-M-2 are marked as TODO. Does it make sense to move a document to CD status with to do sections in it?
SBTS-M-1 and SBTS-M-2 also marked as TODO.

It is not clear to me whether a server conformant to this profile is restricted to using the algorithms, key sizes, etc. specified for Suite B, or if it is allowed to support non-Suite B ciphers, etc. Is a server implementation allowed to support both Suite B conformant clients as well as non-conformant clients concurrently?  It would be helpful if the profile said whether the server is strictly limited to keys for the ciphers in the profile or not.

It's also not clear to me whether a server conformant with this profile can internally use non-Suite B ciphers, RNGs, etc. Are there any restrictions on the RNG type that a conformant server is allowed to use internally? Perhaps this is out of scope for a KMIP profile, but in scope for a server implementation? Should we provide guidance on this?

I assume that conformant clients would be strictly limited to the Suite B ciphers, etc. As the client is the entity performing protection and processing operations it seems to me that there is no scope for the client to operate outside of the Suite B requirements.


John Leiseboer                          QuintessenceLabs Pty Ltd
Chief technology Officer                Suite 23, Physics Building #38
Phone:  +61 7 5494 9291 (Qld)           Science Road
Phone:  +61 2 6125 9498 (ACT)           Australian National University
Mobile: +61 409 487 510                 Acton ACT 0200
Fax:    +61 2 6125 7180                 AUSTRALIA
Email:  JL@quintessencelabs.com         www.quintessencelabs.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]