OASIS Open

QuintessenceLabs Pty Ltd.

No

Security and interop concerns still exist for this proposal as it is currently written. Please see https://www.oasis-open.org/apps/org/workgroup/kmip/download.php/48612/Comments%20on%20crypto%20proposal%20wd10.pdf for detailed comments on earlier draft. Summary of issues still unresolved in wd11:
- Permitting use of shared RNG and not providing profiles or an RNG implementation query operation can lead to compromised random and managed cryptographic objects
- Questions about precedence of cryptographic parameters are still unanswered. Is a client permitted to force a server to perform operations using cryptographic parameters that contradict the parameters of the keys managed by the server?
- Inconsistency regarding specification of Cryptographic Algorithm: not permitted for Encrypt and Decrypt, but permitted for Sign, verify, MAC, MAC Verify. Why?