kmip message

Subject: Re: [kmip] Certificates and Cryptographic Usage Mask attribute

From: Tim Hudson <tjh@cryptsoft.com>
To: Mark Joseph <mark@p6r.com>
Date: Tue, 03 Apr 2018 20:15:26 +0000

Or perhaps we completely remove the manadory requirement for a cryptographic usage mask ... some vendors don't actually support it.

The masks themselves also need to be more clearly defined in terms of their intended impact on KMIP servers and clients in terms of both KMIP operations and underlying cryptographic usage.

Tim.

On Tue, 3 Apr. 2018, 1:09 pm Mark Joseph, <mark@p6r.com> wrote:

Hi all,

I am not the first to ask why does KMIP require a Cryptographic Usage Mask for a Certificate? And exactly which value for the Mask makes sense?
It has caused some problems during the interop and I can just see our customers having trouble with this.

How about we discuss this in the Face to Face next week? Maybe we can agree that Certificates don't need Cryptographic Usage Masks for KMIP 2.0, which is what I would like to propose.

Best,
Mark

Follow-Ups:
- Re: [kmip] Certificates and Cryptographic Usage Mask attribute
  - From: "Chevalier, Tim" <Tim.Chevalier@netapp.com>

References:
- Re: [kmip] Possible error in KMIP 1.4 spec
  - From: Tim Hudson <tjh@cryptsoft.com>
- Certificates and Cryptographic Usage Mask attribute
  - From: Mark Joseph <mark@p6r.com>