Hi Bob,

I'll wait a couple days for any reflector discussion. Per today's call we can
resolve this comment as part of the general comment resolution process.

I'll plan on submitting a specific change redline (target next week). Do folks
using the registration operation want to see a similar change in that profile?

Larry H

________________________________ From: robe...@rsa.com [mailto:robe...@rsa.com] Sent: Thursday, January 07, 2010 5:50 AM To: Hofer, Larry; km...@lists.oasis-open.org Subject: Re: [kmip] comment on v1 symmetric key profile

Hi larry -

Thanks for catching this. Let's review it in todayls kmip tc call.

Regards

Bob

________________________________ From: Larr...@Emulex.Com <Larr...@Emulex.Com> To: km...@lists.oasis-open.org <km...@lists.oasis-open.org> Cc: Larr...@Emulex.Com <Larr...@Emulex.Com> Sent: Wed Jan 06 18:01:21 2010 Subject: [kmip] comment on v1 symmetric key profile

Hello all, I noticed a shortcoming in the profile document for symmetric key support.
The profile doc doesn't say the create function requires support for key length
or modes (crypto parameters). Given some client implementations support multiple
lengths and modes, this is a significant shortcoming for clients that would like
to request server creation of keys. This should be added to the v1 or later
symmetric key profile. Preferably the v1 profile should be changed to add these
two server requirements.

I can provide a redline of the document with this small profile document change
if this proposal is agreeable.

It should be noted that the spec says that the server MUST create a Length
attribute when a managed cryptographic object is created or registered. But the
profile doesn't match up with that. There may be a similar change needed
related to the registration function support in the symmetric key profile
supporting that operation.

Regards, Larry H