OASIS Key Management Interoperability Protocol (KMIP) TC

 View Only

comment on v1 symmetric key profile

  • 1.  comment on v1 symmetric key profile

    Posted 01-06-2010 23:02
    
    
    
    
    
    Hello all,
       I noticed a shortcoming in the profile document for symmetric key support. The profile doc doesn't say the create function requires support for key length or modes (crypto parameters). Given some client implementations support multiple lengths and modes, this is a significant shortcoming for clients that would like to request server creation of keys.  This should be added to the v1 or later symmetric key profile. Preferably the v1 profile should be changed to add these two server requirements.
     
    I can provide a redline of the document with this small profile document change if this proposal is agreeable.
     
    It should be noted that the spec says that the server MUST create a Length attribute when a managed cryptographic object is created or registered. But the profile doesn't match up with that.  There may be a similar change needed related to the registration function support in the symmetric key profile supporting that operation.
     
    Regards,
    Larry H