OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

kmip message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [kmip] Import operation suggestion

Hi Anthony,


Before everyone gets carried away with the PKCS#11 flags how about adding a bit map type to KMIP.


Nothing annoys me more that the fact that Usage Mask is treated especially. Define a bit map data type and its special status disappears at least as far as an exception on what one can do with searches etc. but there is the backwards compatibility question for that.


If you are going to add PKCS#11 functionality (attributes) to KMIP then either you will come up with more reasons for another special mask such as the storage  attributes (private, modifyable, copyable, destroyable, token) or adopt a bit map data type compatible with integer (for bit mask equivalence). Other candidates for items in a mask are SENSITIVE and EXTRACTAABLE with even ALWAYS SENSITIVE and NEVER EXTRACTABLE.

Without the bit mask there will be a proliferation of attributes.


If you want to make a standard that is small, concise and elegant then it should not have any exceptions. Because of Usage Mask the type system is obviously lacking.


Well that is my view anyway.


If you would like a more formal description I would be happy to supply one.


John Green


From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Mark Joseph
Sent: Friday, 6 January 2017 10:51 AM
To: Anthony Berglas <anthony.berglas@cryptsoft.com>
Cc: OASIS KMIP Technical Committee <kmip@lists.oasis-open.org>
Subject: [kmip] Import operation suggestion




On the Import operation why not define a minimum set of attributes that must be supported on both ends for the operation to succeed?   Maybe this is a way to ensure interoperability.    I think one use for this feature could be by a customer to export from one server vendor and move the object to a different vendors product.   


Mark Joseph

P6R,  Inc



On Jan 5, 2017, at 1:28 AM, Anthony Berglas <anthony.berglas@cryptsoft.com> wrote:

Um, that should be PKCS#11, not POX intended!



On Thu, Jan 5, 2017 at 7:25 PM, Anthony Berglas <anthony.berglas@cryptsoft.com> wrote:

Submitter's message
Hello All,

Below is the link to a proposal to add Extractable and Sensitive flags to KMIP. They are modeled after POCS#11 in order to restrict the retrieval of key material.

I will present this on tomorrow's call.
-- Anthony Berglas

Document Name: Non Exportable and Sensitive Attributes proposal

No description provided.
Download Latest Revision
Public Download Link

Submitter: Anthony Berglas
Group: OASIS Key Management Interoperability Protocol (KMIP) TC
Folder: Drafts
Date submitted: 2017-01-05 01:25:10


Anthony Berglas Ph.D.
Principal Engineer

This email has been scanned by the Symantec Email Security.cloud service for QuintessenceLabs Pty Ltd.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]