Re: [kmip] Distributed Key Management Systems Usage Guide test

[Mark Joseph <mark@p6r.com>]

I am not saying there are easy solutions to these problems but your text really does not help.   It allows each vendor to resolve such issues in their own way.   Thus someone writing a client will likely have to write different code for each vendor after they figure out what each vendor does.    

Best,

Mark Joseph

P6R,  Inc

408-205-0361

mark@p6r.com

On Aug 21, 2019, at 9:23 PM, Anthony Berglas <anthony.berglas@cryptsoft.com> wrote:

Hello All,

I would propose the following text for the usage guide following my talk at the face to face.  Any comments most welcome.

4.7 Distributed Key Management Systems

Key management systems may be distributed across multiple servers which are not continuously connected.  This means that updates can be made to one server that are inconsistent with updates to a second server.  The inconsistency may not be detected until the servers communicate with each other which might be some time after the conflicting updates were made, so they cannot simply be rejected from the clients.

One example is that a given key may end up in inconsistent states on different servers, such as both Active and Compromized.  Another is that two keys in different servers may end up with the same Name.  And forward and backward links may be inconsistent.

Distributed KMIP systems need to be carefully designed to address such issues.  For example, if inconsistent states are encountered, then a strategy is needed to produce a sensible resolution.  Likewise having multiple keys from different sources with the same name should be resolved in a consistent manner, and operations such as Re-Key need to behave sensibly in such a situation.

--

Anthony Berglas Ph.D.
Principal Engineer
Anthony.Berglas@Cryptsoft.com