
kmip message


Subject: [kmip] Digital Signature Algorithm attribute: Multiple-instances allowed: Yes and No

The KMIP spec states that the 3.16 Digital Signature Algorithm (see [KMIP v1.2] Table 76) attribute can have multiple instances in the case of PGP keys, but may not have multiple instances in the case of X.509 certificates. I.e., the set of single-instance attributes is different depending on the type of managed object. This call-me-maybe attribute interferes with an implementation's ability to define a single, exhaustive set of single-instance attributes.
I further notice that the KMIP spec has created X.509-specific attributes for Identifier, Subject and Issuer:
Given that the PGP certificate type has been deprecated as of KMIP v1.2 (see [KMIP v1.2] 2.2.1 Certificate), I wonder if we could follow the above pattern and create an X.509 Digital Signature Algorithm attribute, whose Attribute Rules table would unambiguously indicate "Multiple instances permitted=No"? [And the existing 3.16 Digital Signature Algorithm attribute's description could be changed (a) to refer only to PGP keys, and (b) to indicate unambiguously that "Multiple instances permitted=Yes"?]
… Dave
