Ballot Details: RNG - go forward strategy (CLOSED)

Ballot Question Which way do we move forward around RNG prescription in various operations?
Ballot Description There are two different approaches to addressing how to describe/select/seed/... RNGs in KMIP:

1. Enhancements to query and use of attributes to prescribe RNGs during usage
2. RNG as an object with its set of operations and changes to other operations
Ballot Options
VOTING CLOSED: Thursday, 9 January 2014 @ 11:00 am PST
Query enhancements + Attributes 26 89 19/29
RNG Object 0 0
Both 1 & 2 3 10 10/29
Neither 0 0
Open Date Wednesday, 1 January 2014 @ 11:00 am PST
Close Date Thursday, 9 January 2014 @ 11:00 am PST

Voting Statistics

Number of votes cast (excluding abstentions) 29
Eligible members who have voted 29 of 33 87 29/33%
Eligible members who have not voted 4 of 33 12 4/33%

Voting Summary by Option

Options with highest number of votes are bold
Option # Votes % of Total
Query enhancements + Attributes 26 89 19/29%
RNG Object 0 0%
Both 1 & 2 3 10 10/29%
Neither 0 0%

Voting Details

Voter Name Company Vote * Time (UTC) Comments
* Bartell, Jeff Semper Fortis Solutions, LLC. Query enhancements + Attributes 2014-01-02 14:18:00
* Benjamin, Tom IBM Query enhancements + Attributes 2014-01-07 14:21:00
* Brand, Joseph Semper Fortis Solutions, LLC. Query enhancements + Attributes 2014-01-02 14:53:00
* Burns, Robert Thales e-Security Query enhancements + Attributes 2014-01-06 19:19:00
* Cox, Tony Cryptsoft Pty Ltd. Query enhancements + Attributes 2014-01-01 22:04:00 1
* Furlong, Judith EMC Query enhancements + Attributes 2014-01-08 19:22:00
* Gleeson, Susan Oracle Query enhancements + Attributes 2014-01-07 17:44:00
* Hudson, Tim Cryptsoft Pty Ltd. Query enhancements + Attributes 2014-01-02 11:36:00 1
* Joseph, Mark P6R, Inc Query enhancements + Attributes 2014-01-01 22:37:00 1
* Kriese, Kathy Symantec Corp. Query enhancements + Attributes 2014-01-02 18:00:00
* Lockhart, Hal Oracle Query enhancements + Attributes 2014-01-07 19:14:00
* Lockhart, Robert Thales e-Security Query enhancements + Attributes 2014-01-06 19:45:00 1
* Peck, John IBM Query enhancements + Attributes 2014-01-07 00:25:00
* Rich, Bruce IBM Query enhancements + Attributes 2014-01-06 22:55:00
* Robbins, Warren Dell Query enhancements + Attributes 2014-01-06 14:31:00
* Robinson, Rick IBM Query enhancements + Attributes 2014-01-06 23:55:00
* Saha, Saikat Oracle Query enhancements + Attributes 2014-01-08 21:09:00
* Sankuratripati, Subhash NetApp Query enhancements + Attributes 2014-01-08 21:13:00
* Soman, Amruta Cryptsoft Pty Ltd. Query enhancements + Attributes 2014-01-01 23:48:00
* Thota, Kiran VMware, Inc. Query enhancements + Attributes 2014-01-02 23:45:00 1
* Turajski, Nathan Thales e-Security Query enhancements + Attributes 2014-01-04 00:38:00
* White, Charles Semper Fortis Solutions, LLC. Query enhancements + Attributes 2014-01-02 12:59:00
* Yellepeddy, Krishna IBM Query enhancements + Attributes 2014-01-09 12:50:00
* Ying, Catherine SafeNet, Inc. Query enhancements + Attributes 2014-01-02 17:48:00
* Yoder, Michael Vormetric, Inc. Query enhancements + Attributes 2014-01-01 21:02:00
* Zdunkiewicz, Magda Cryptsoft Pty Ltd. Query enhancements + Attributes 2014-01-01 21:53:00
* Armstrong, Warren QuintessenceLabs Pty Ltd. Both 1 & 2 2014-01-04 10:08:00
* Leiseboer, John QuintessenceLabs Pty Ltd. Both 1 & 2 2014-01-02 12:24:00 1
* Robinson, Peter EMC Both 1 & 2 2014-01-08 04:45:00
* Chong, Kenli QuintessenceLabs Pty Ltd. --
* Jenkins, Michael National Security Agency --
* Kingston, Stephen SafeNet, Inc. --
* Wong, Jin QuintessenceLabs Pty Ltd. --

Voter Comments

Submitter Vote Comment
Thota, Kiran
VMware, Inc.
Query enhancements + Attributes RNG object, as I understand it, will need more serious thought and changes in the spec. Will be a good candidate to investigate for a major revision and not 1.3.
Lockhart, Robert
Thales e-Security
Query enhancements + Attributes I do not believe that creating a full object and attributes for RNG would fall under what we are trying to do in OASIS KMIP TC. I believe that it falls too far inside implementation which is best left for organizations to determine. I have no issue with RNG being an attribute of an object but not a full object itself.

In most organizations, RNGs are local to where the key is generated (either the device itself or the key manager). In the cases where it is a third entity, it is usually enforced by the application or the organization and therefor should not fall under KMIP as anything other than a way to identify where the key object was generated as an attribute.
Joseph, Mark
P6R, Inc
Query enhancements + Attributes Lets not go over ground that has already been decided. We need to add other items to the protocol and should not waste time on old issues.
Cox, Tony
Cryptsoft Pty Ltd.
Query enhancements + Attributes I'm unsure how Random can neatly fit within the definition of an Object, given that Objects are immutable in KMIP. From my standpoint it would appear every operation that involves an Object would need to be reconsidered, if only to include a "is this a Random type Object?" check in order to do something different.
Hudson, Tim
Cryptsoft Pty Ltd.
Query enhancements + Attributes Changing the approach for RNG to be an object would be inconsistent with the KMIP model and the decisions already made as part of KMIP-1.2 and without substantial reasons to change we should not be changing the approach in KMIP-1.3 IMHO
Leiseboer, John
QuintessenceLabs Pty Ltd.
Both 1 & 2 The query enhancements are compatible with the RNG Object proposal, however they do not provide the more complete protection and assurance of the RNG Object proposal.