Re: [kmip] Certificates and Cryptographic Usage Mask attribute

["Chevalier, Tim" <Tim.Chevalier@netapp.com>]

Hi,

 

Along those lines I’ve never understood the requirement for a cryptographic mask for the Secret Data object…

 

--Tim

 

From: <kmip@lists.oasis-open.org> on behalf of Tim Hudson <tjh@cryptsoft.com>
Date: Tuesday, April 3, 2018 at 4:16 PM
To: Mark Joseph <mark@p6r.com>
Cc: OASIS KMIP Technical Committee <kmip@lists.oasis-open.org>, Tony Cox <tony.cox@cryptsoft.com>
Subject: Re: [kmip] Certificates and Cryptographic Usage Mask attribute

 

Or perhaps we completely remove the manadory requirement for a cryptographic usage mask ... some vendors don't actually support it. 

 

The masks themselves also need to be more clearly defined in terms of their intended impact on KMIP servers and clients in terms of both KMIP operations and underlying cryptographic usage.

 

Tim.

 

On Tue, 3 Apr. 2018, 1:09 pm Mark Joseph, <mark@p6r.com> wrote:

Hi all,

 

    I am not the first to ask why does KMIP require a Cryptographic Usage Mask for a Certificate?    And exactly which value for the Mask makes sense?

It has caused some problems during the interop and I can just see our customers having trouble with this.

 

   How about we discuss this in the Face to Face next week?   Maybe we can agree that Certificates don't need Cryptographic Usage Masks for KMIP 2.0, which is what I would like to propose.

 

 

Best,

Mark