Re: [kmip] PKCS#12 Proposal: Clarification of Question in TC

[Anthony Berglas <anthony.berglas@cryptsoft.com>]

Hello John,

Sounds like a good idea.  I will add the note.

(Were we do not want to go in the short term is attempting to register based on a PKCS12.  KISS for now.)

Anthony

On Fri, May 22, 2015 at 6:47 AM, John Leiseboer <JL@quintessencelabs.com> wrote:

Clarifying my comment on the TC call today regarding whether operations such as Register should state that the PKCS#12 key format type should return an error.

The Register operation has required inputs of Object Type, Template-Attribute and an Object (Certificate, Symmetric Key, Private Key, etc.).

Taking a Private Key as the subject of registration, for example, the Private Key Object contains a Key Block. The Key Block is a structure containing a Key Value, and must contain a Key Format Type.

So my question, re-phrased, is this:

Should operations, such as Register, that take as input a Key Object, where the Key Block specifies a Key Type of PKCS#12 return an error? If so, should the standard state that it is an error to attempt to Register a PKCS#12 key type?

John

John Leiseboer | Chief Technology Officer | QuintessenceLabs | W: quintessencelabs.com
E: jl@quintessencelabs.com | M(AU): +61 409 487 510 | M(US): +1 202 294 6825 | Skype: jleiseboer
AU: 15 Denison St | Deakin | ACT 2601 | T: +61 2 6260 4922
US: Suite 220 | 175 Bernal Road | San Jose CA 95119 | T: +1 650 870 9920



---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

--

Anthony Berglas Ph.D.
Principal Engineer
Anthony.Berglas@Cryptsoft.com