I'll wait a couple days for any reflector discussion. Per today's call we can resolve this comment as part of the general comment resolution process.
I'll plan on submitting a specific change redline (target next week). Do folks using the registration operation want to see a similar change in that profile?
From: robe...@rsa.com [mailto:robe...@rsa.com]
Sent: Thursday, January 07, 2010 5:50 AM
To: Hofer, Larry; km...@lists.oasis-open.org
Subject: Re: [kmip] comment on v1 symmetric key profile
Hi Larry -
Thanks for catching this. Let's review it in today's kmip tc call.
From: Larr...@Emulex.Com <Larr...@Emulex.Com>
To: km...@lists.oasis-open.org <km...@lists.oasis-open.org>
Cc: Larr...@Emulex.Com <Larr...@Emulex.Com>
Sent: Wed Jan 06 18:01:21 2010
Subject: [kmip] comment on v1 symmetric key profile
I noticed a shortcoming in the profile document for symmetric key support. The profile doc doesn't say the create function requires support for key length or modes (crypto parameters). Given some client implementations support multiple lengths and modes, this is a significant shortcoming for clients that would like to request server creation of keys. This should be added to the v1 or later symmetric key profile. Preferably the v1 profile should be changed to add these two server requirements.
I can provide a redline of the document with this small profile document change if this proposal is agreeable.
It should be noted that the spec says that the server MUST create a Length attribute when a managed cryptographic object is created or registered. But the profile doesn't match up with that. There may be a similar change needed related to the registration function support in the symmetric key profile supporting that operation.