[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [kmip] Groups - KMIP-SP800-130-152.pdf uploaded
My concern is that NIST appears to be looking to update the SP800-57 Part 1 state model to include revoke, suspend and return to activation. The are also calling out these states in the Second Draft of SP800-152. It would be nice to consider at least the addition of the states to KMIP or as other attributes at a minimum so that they may be used by key owners without requiring server vendors getting in the way if NIST or someone else has a need. As for use cases there are potential use cases for these states for not just certificates but symmetric keys as well (e.g. Tape falls off the back of a truck but is found in the library two weeks later - real world use case that I have seen three or four times before). Robert A. (Bob) Lockhart Chief Solutions Architect - Key Management Thales e-Security, Inc. On Feb 18, 2014, at 1:39 PM, "Furlong, Judith" <judith.furlong@emc.com<mailto:judith.furlong@emc.com>> wrote: Chuck In Slide 7, last bullet you suggest adding new operations for Suspend/Re-activate and associated date attributes Instead of adding new operations one could leverage the Revoke operation to support this – We deferred support of the certificateHold and removeFromCRL revocation reasons from current KMIP versions mainly because we didn’t see folks using KMIP to support the suspending/unsuspending of public key certificates. But SP800-130 support could be used as justification for adding the certificateHold and removeFromCRL options to the revocation reason enumerations. If we leverage the Revoke operation in this way you could also leverage the existing Compromise Date to handle when the key was Suspended. This assume folks are not bothered by using an attribute named ‘compromise’ for something which is ‘suspended’. A new attribute to track when the key was reactivated would still need to be added – assuming you don’t want to overload Activation Date. Judy From: kmip@lists.oasis-open.org<mailto:kmip@lists.oasis-open.org> [mailto:kmip@lists.oasis-open.org] On Behalf Of Charles White Sent: Thursday, February 13, 2014 7:49 AM To: kmip@lists.oasis-open.org<mailto:kmip@lists.oasis-open.org> Subject: [kmip] Groups - KMIP-SP800-130-152.pdf uploaded Submitter's message Good morning/evening KMIP TC! KMIP-SP800-130-152.pdf provides an overview of how NIST guidelines for Cryptographic Key Management Systems impact KMIP. Also this presentation provides options for further alignment of KMIP to NIST standards. Note there is a corresponding spreadsheet - NIST-KMIP CR.xlsx that documents the relationship between the collective set of standards. Thanks! Chuck -- Charles White Document Name: KMIP-SP800-130-152.pdf<https://www.oasis-open.org/apps/org/workgroup/kmip/document.php?document_id=52201> ________________________________ Description Review of NIST SP800-130 and NIST SP800-152. Discussing options to update KMIP 1.3 to align with NIST guidance. Note that there is a corresponding spreadsheet - NIST KMIP CR.xlsx Download Latest Revision<https://www.oasis-open.org/apps/org/workgroup/kmip/download.php/52201/latest/KMIP-SP800-130-152.pdf> Public Download Link<https://www.oasis-open.org/committees/document.php?document_id=52201&wg_abbrev=kmip> ________________________________ Submitter: Charles White Group: OASIS Key Management Interoperability Protocol (KMIP) TC Folder: Drafts Date submitted: 2014-02-13 04:48:46
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]