Hello
all,
I
noticed a shortcoming in the profile document for symmetric key support. The
profile doc doesn't say the create function requires support for key length or
modes (crypto parameters). Given some client implementations support multiple
lengths and modes, this is a significant shortcoming for clients that would like
to request server creation of keys. This should be added to the v1 or
later symmetric key profile. Preferably the v1 profile should be changed to add
these two server requirements.
I can provide a
redline of the document with this small profile document
change if this proposal is agreeable.
It should be noted
that the spec says that the server MUST create a Length attribute when a managed
cryptographic object is created or registered. But the profile doesn't match up
with that. There may be a similar change needed related to the
registration function support in the symmetric key profile supporting that
operation.
Regards,
Larry H