I agree with the proposal in principle, but as it stands now it is still open to generic encryption operations that are not the purpose of KMIP.

The functions need to be focused on keys and other objects, such that objects to be encrypted should be registered as part of the encrypt operation as a key, secret data or opaque object.

We need to consider the repercussions of any server-to-server operations in the future that will require these operations as well, since sharing a key from one server to another will in all likelihood require an unwrap from an internal key or keys and a rewrap with a mutually agreed upon key between the servers.

Sign/Certify and Verify/Validate operations should be focused on keying material for validation AND for use in client registration operations.

The RNG/RBG functions are fine as is.