Vote Details
Ballot: Approve submitting Key Management Interoperability Protocol Specification Version 1.2 as a Candidate OASIS Standard
Company: QuintessenceLabs Pty Ltd.
Vote: No
Comment:
4.29 Encrypt
- Does not specify what action to take if supplied Cryptographic Parameters conflict with the Cryptographic Parameters of the Managed Object. I recommend that this section be made consistent with the key wrapping specification requirements, as follows (2.1.6 Key Wrapping Specification):
"If Cryptographic Parameters are specified ..., then the server SHALL verify that they match one of the instances of the Cryptographic Parameters attribute of the corresponding key."
- Does not specify that operation shall fail if the Managed Object is not in a valid state to support the operation (e.g. Active State).
- Does not specify that the Usage Mask of the key be checked to confirm that the requested operation is allowed.
4.30 Decrypt
- Does not specify what action to take if supplied Cryptographic Parameters conflict with the Cryptographic Parameters of the Managed Object
- Does not specify that operation shall fail if the Managed Object is not in a valid state to support the operation.
- Does not specify that the Usage Mask of the key be checked to confirm that the requested operation is allowed.
4.31 Sign
- Does not specify what action to take if supplied Cryptographic Parameters conflict with the Cryptographic Parameters of the Managed Object
- Does not specify that operation shall fail if the Managed Object is not in a valid state to support the operation.
- Does not specify that the Usage Mask of the key be checked to confirm that the requested operation is allowed.
4.32 Signature Verify
- Does not specify what action to take if supplied Cryptographic Parameters conflict with the Cryptographic Parameters of the Managed Object
- Does not specify that operation shall fail if the Managed Object is not in a valid state to support the operation.
- Does not specify that the Usage Mask of the key be checked to confirm that the requested operation is allowed.
4.33 MAC
- Does not specify rules for Managed Objects with a Usage Limits attribute specified
- Does not specify what action to take if supplied Cryptographic Parameters conflict with the Cryptographic Parameters of the Managed Object
- Does not specify that operation shall fail if the Managed Object is not in a valid state to support the operation.
- Does not specify that the Usage Mask of the key be checked to confirm that the requested operation is allowed.
4.34 MAC Verify
- Does not specify what action to take if supplied Cryptographic Parameters conflict with the Cryptographic Parameters of the Managed Object
- Does not specify that operation shall fail if the Managed Object is not in a valid state to support the operation.
- Does not specify that the Usage Mask of the key be checked to confirm that the requested operation is allowed.
4.35 RNG Retrieve and 4.36 RNG Seed
- RNG operations and support are under-specified and can easily lead to interop and security issues.
- Allowing a client to seed "a Random Number Generator" without the ability to specify an RNG instance is bad security. This draft standard currently permits (and supports this with test cases) a single whole-of-server RNG to be shared by all clients.
- A slight improvement would be to only allow a client to add entropy to an RNG rather than seed it.
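The three checks the comment asks for on Encrypt, Decrypt, Sign, Signature Verify, MAC and MAC Verify can be written as one server-side precondition function. This is an added illustration, not text from the ballot comment or the KMIP specification: the class and function names and the sample key are hypothetical, the bit values follow the KMIP Cryptographic Usage Mask enumeration, and requiring the Active state for every operation is an assumption based on the comment's example.

```python
from dataclasses import dataclass
from enum import Enum, IntFlag
from typing import Optional, Tuple

class UsageMask(IntFlag):            # KMIP Cryptographic Usage Mask bits
    SIGN = 0x001
    VERIFY = 0x002
    ENCRYPT = 0x004
    DECRYPT = 0x008
    MAC_GENERATE = 0x080
    MAC_VERIFY = 0x100

class State(Enum):                   # subset of the KMIP State enumeration
    PRE_ACTIVE = 1
    ACTIVE = 2
    DEACTIVATED = 3
    COMPROMISED = 4

@dataclass(frozen=True)
class CryptoParams:                  # subset of the Cryptographic Parameters fields
    block_cipher_mode: Optional[str] = None
    padding_method: Optional[str] = None
    hashing_algorithm: Optional[str] = None

@dataclass
class ManagedKey:                    # hypothetical server-side key record
    state: State
    usage_mask: UsageMask
    crypto_params: Tuple[CryptoParams, ...]   # attribute instances on the key

REQUIRED_BIT = {
    "Encrypt": UsageMask.ENCRYPT, "Decrypt": UsageMask.DECRYPT,
    "Sign": UsageMask.SIGN, "Signature Verify": UsageMask.VERIFY,
    "MAC": UsageMask.MAC_GENERATE, "MAC Verify": UsageMask.MAC_VERIFY,
}

def check_operation(op, key, supplied=None):
    """Return None if the operation may proceed, else the reason it must fail."""
    if key.state is not State.ACTIVE:          # assumption: Active only
        return "object not in a valid state"
    if not key.usage_mask & REQUIRED_BIT[op]:
        return "usage mask does not permit operation"
    # Same rule as 2.1.6: supplied parameters must match one attribute instance.
    if supplied is not None and supplied not in key.crypto_params:
        return "cryptographic parameters do not match key"
    return None

# Constructed sample: an active AES key allowed to encrypt/decrypt in CBC only.
SAMPLE_KEY = ManagedKey(State.ACTIVE, UsageMask.ENCRYPT | UsageMask.DECRYPT,
                        (CryptoParams("CBC", "PKCS5"),))
```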