[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: FW: cryptographic usage mask after key revocation
This was posted to the kmip-comment distribution list forwarding to the main TC distribution list – We’ll discuss at today’s meeting. Judy From: Alex Abell <alex.abell@oracle.com> [EXTERNAL EMAIL] Hello all, I had a question about the Cryptographic Usage Mask. In the 2.1 version of the spec, it says the following: “Deactivated: The object SHALL NOT be used for applying cryptographic protection (e.g., encryption, signing, wrapping, MACing, deriving) . The object SHALL only be used for cryptographic purposes permitted by the Cryptographic Usage
Mask attribute. The object SHOULD only be used to process cryptographically-protected information (e.g., decryption, signature verification, unwrapping, MAC verification under extraordinary circumstances and when special permission is granted.” If the Cryptographic Usage Mask previously allowed only encryption and decryption, and the key is revoked (deactivated), does this mean that:
I had always assumed 1) was the case however I can’t definitively prove it with anything from the spec so input would be very appreciated. Closest I found was that “Revoke” was not listed under “When implicitly
set” for “4.17 Cryptographic Usage Mask”. Thank you, Alex Abell |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]