

Subject: RE: [kmip] Certificates and Cryptographic Usage Mask attribute


Ok sounds like we need to revisit the whole cryptographic usage mask concept and have it apply only to the objects (e.g. keys) where usages actually make sense. We have also the proposal that Nitin brought forward around changes to the usage mask themselves which we should also make sure we revisit as part of this F2F discussion.

 

Judy

 

Judith Furlong

Sr. Consultant Product Security Architect

Dell EMC | Product Security Office

Office:  +1-508-249-1124

Judith.Furlong@dell.com

 

From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Chevalier, Tim
Sent: Tuesday, April 3, 2018 5:40 PM
To: Tim Hudson <tjh@cryptsoft.com>; Mark Joseph <mark@p6r.com>
Cc: OASIS KMIP Technical Committee <kmip@lists.oasis-open.org>; Tony Cox <tony.cox@cryptsoft.com>
Subject: Re: [kmip] Certificates and Cryptographic Usage Mask attribute

 

Hi,

 

Along those lines I’ve never understood the requirement for a cryptographic mask for the Secret Data object…

 

--Tim

 

From: <kmip@lists.oasis-open.org> on behalf of Tim Hudson <tjh@cryptsoft.com>
Date: Tuesday, April 3, 2018 at 4:16 PM
To: Mark Joseph <mark@p6r.com>
Cc: OASIS KMIP Technical Committee <kmip@lists.oasis-open.org>, Tony Cox <tony.cox@cryptsoft.com>
Subject: Re: [kmip] Certificates and Cryptographic Usage Mask attribute

 

Or perhaps we completely remove the mandatory requirement for a cryptographic usage mask ... some vendors don't actually support it.

 

The masks themselves also need to be more clearly defined in terms of their intended impact on KMIP servers and clients in terms of both KMIP operations and underlying cryptographic usage.

 

Tim.

 

On Tue, 3 Apr. 2018, 1:09 pm Mark Joseph, <mark@p6r.com> wrote:

Hi all,

 

I am not the first to ask why does KMIP require a Cryptographic Usage Mask for a Certificate? And exactly which value for the Mask makes sense?

It has caused some problems during the interop and I can just see our customers having trouble with this.

 

How about we discuss this in the Face to Face next week? Maybe we can agree that Certificates don't need Cryptographic Usage Masks for KMIP 2.0, which is what I would like to propose.

 

 

Best,

Mark 

 

 

 


