Re: [kmip] Locate by Value proposal

["Bruce Rich" <brich@us.ibm.com>]

Anthony,

Interesting, but I would be hesitant
to incorporate locate-by-value on cryptographic objects.  As David
Featherstone noted in his comments, this almost seems a hacker use case.

It may be that a server needs to evaluate
incoming objects for matches in current materials already on the server,
and reject duplicates.  The server can already do that, if its policy
so dictates, without us baking it into the protocol.  One could add
a new reason code to communicate this behavior, if really needed.

And this would be going the opposite
direction of NIST SP800-152 compliance, which is going to cause us to not
only leave the cryptographic contents of the objects opaque but also to
smudge up their attributes as well.

Bruce A Rich
brich at-sign us dot ibm dot com




From:      
 Anthony Berglas <anthony.berglas@cryptsoft.com>
To:      
 OASIS KMIP Technical
Committee <kmip@lists.oasis-open.org>
Date:      
 11/17/2015 05:35 AM
Subject:    
   [kmip] Locate
by Value proposal
Sent by:    
   <kmip@lists.oasis-open.org>

---

Hello All,

Attached is the proposal for being able to Locate objects
by their values in an analogous way that we can locate by attribute. 

I would like to discuss this on this week's call.  However, any initial
feedback would be most welcome.

Regards,

Anthony

-- 
Anthony Berglas Ph.D.
Principal Engineer
Anthony.Berglas@Cryptsoft.com
[attachment "LocateValueNov15-Ship.pptx" deleted by Bruce Rich/Austin/IBM]
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that 
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php