OASIS Mailing List Archives

kmip message



Subject: Cryptographic Usage Mask


All,

Received the following feedback regarding Cryptographic Usage Mask. Any thoughts?

The KMIP standard is ambiguous as to whether to require a Cryptographic Usage Mask Attribute for a Secret Data object.

This suggests a KMIP server should:
  • In the "Applies to Object Types" field, the specification says the Cryptographic Usage Mask (section 3.19) applies to all Cryptographic Objects. A Secret Data Object is a Cryptographic Object.
This suggests a KMIP server should not:
  • In the definition of Secret Data (2.2.7), it says Secret Data is "a shared secret value that is not a key or certificate (e.g. a password)." In the description of Cryptographic Usage Mask (section 3.19), it says "The Cryptographic Usage Mask defines the cryptographic usage of a key".
  • The values in the bit mask do not correspond to non-key (e.g. password) use cases. Values such as Encrypt, Sign, Derive Key, etc. would not be valid for a password.
Please let me know what the correct interpretation is and how to address this.

Regards,
Saikat

