RE: [kmip] Certificates and Cryptographic Usage Mask attribute

[Jain Nitin <nitin.jain@gemalto.com>]

Hi Guys,

I am working on to formalize the Cryptographic Usage mask doc as per comments provided by Judy.

Will upload it till this weekend.

 

Thanks,

Nitin

From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Furlong, Judith
Sent: 04 April 2018 03:16
To: Chevalier, Tim <Tim.Chevalier@netapp.com>; Tim Hudson <tjh@cryptsoft.com>; Mark Joseph <mark@p6r.com>
Cc: OASIS KMIP Technical Committee <kmip@lists.oasis-open.org>; Tony Cox <tony.cox@cryptsoft.com>
Subject: [+SPAM+]: RE: [kmip] Certificates and Cryptographic Usage Mask attribute

 

Ok sounds like we need to revisit the whole cryptographic usage mask concept and have it apply to only to the objects (e.g. keys) where usages actually make sense.  We have also the proposal that Nitin brought forward around changes to the usage mask themselves which we should also make sure we revisit as part of this F2F discussion.

 

Judy

 

Judith Furlong

Sr. Consultant Product Security Architect

Dell EMC | Product Security Office

Office:  +1-508-249-1124

Judith.Furlong@dell.com

 

From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Chevalier, Tim
Sent: Tuesday, April 3, 2018 5:40 PM
To: Tim Hudson <tjh@cryptsoft.com>; Mark Joseph <mark@p6r.com>
Cc: OASIS KMIP Technical Committee <kmip@lists.oasis-open.org>; Tony Cox <tony.cox@cryptsoft.com>
Subject: Re: [kmip] Certificates and Cryptographic Usage Mask attribute

 

Hi,

 

Along those lines I’ve never understood the requirement for a cryptographic mask for the Secret Data object…

 

--Tim

 

From: <kmip@lists.oasis-open.org> on behalf of Tim Hudson <tjh@cryptsoft.com>
Date: Tuesday, April 3, 2018 at 4:16 PM
To: Mark Joseph <mark@p6r.com>
Cc: OASIS KMIP Technical Committee <kmip@lists.oasis-open.org>, Tony Cox <tony.cox@cryptsoft.com>
Subject: Re: [kmip] Certificates and Cryptographic Usage Mask attribute

 

Or perhaps we completely remove the manadory requirement for a cryptographic usage mask ... some vendors don't actually support it. 

 

The masks themselves also need to be more clearly defined in terms of their intended impact on KMIP servers and clients in terms of both KMIP operations and underlying cryptographic usage.

 

Tim.

 

On Tue, 3 Apr. 2018, 1:09 pm Mark Joseph, <mark@p6r.com> wrote:

Hi all,

 

    I am not the first to ask why does KMIP require a Cryptographic Usage Mask for a Certificate?    And exactly which value for the Mask makes sense?

It has caused some problems during the interop and I can just see our customers having trouble with this.

 

   How about we discuss this in the Face to Face next week?   Maybe we can agree that Certificates don't need Cryptographic Usage Masks for KMIP 2.0, which is what I would like to propose.

 

 

Best,

Mark 

 

 

 

---

This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.