Before everyone gets carried away with the PKCS#11 flags how about adding a bit map type to KMIP.
Nothing annoys me more that the fact that Usage Mask is treated especially. Define a bit map data type and its special status disappears at least
as far as an exception on what one can do with searches etc. but there is the backwards compatibility question for that.
If you are going to add PKCS#11 functionality (attributes) to KMIP then either you will come up with more reasons for another special mask such as
the storage attributes (private, modifyable, copyable, destroyable, token) or adopt a bit map data type compatible with integer (for bit mask equivalence). Other candidates for items in a mask are SENSITIVE and EXTRACTAABLE with even ALWAYS SENSITIVE and
Without the bit mask there will be a proliferation of attributes.
If you want to make a standard that is small, concise and elegant then it should not have any exceptions. Because of Usage Mask the type system is
Well that is my view anyway.
If you would like a more formal description I would be happy to supply one.
On the Import operation why not define a minimum set of attributes that must be supported on both ends for the operation to succeed? Maybe this is a way to ensure interoperability. I think one use for this feature could be by a customer
to export from one server vendor and move the object to a different vendors product.
Um, that should be PKCS#11, not POX intended!
On Thu, Jan 5, 2017 at 7:25 PM, Anthony Berglas <firstname.lastname@example.org> wrote:
Below is the link to a proposal to add Extractable and Sensitive flags to KMIP. They are modeled after POCS#11 in order to restrict the retrieval of key material.
I will present this on tomorrow's call.
-- Anthony Berglas
This email has been scanned by the Symantec Email Security.cloud service for QuintessenceLabs Pty Ltd.