70 likes | 174 Views
Proposal to Update KMIP State Model. Addition of Suspended, Revoked and Shredded key states. Notes on the State Model. A device is not required to support the full state model Clients need to conform and honor a minimum of two states Active and destroyed or shredded
E N D
Proposal to Update KMIP State Model Addition of Suspended, Revoked and Shredded key states
Notes on the State Model • A device is not required to support the full state model • Clients need to conform and honor a minimum of two states • Active and destroyed or shredded • Servers should support a full model to ensure interoperability • Based on individual use cases it may be required to document which states a profile will make use of if the full model is not supported • Not all objects stored in a KMIP server will make use of states and profiles should define at least three states (active and destroyed or shredded) • State models should be defined in profiles if they do not require the entire model for support
Updated State Model SP800-57 Part 1 New State Suspended 19 13 11 12 2 Shredded Destroyed Deactivated Active Pre-Activation 7 17 4 6 1 8 3 5 14 15 10 Revoked Destroyed Compromised Compromised 16 9 18
New State Definitions • Suspended1 • The use of a key may be suspended for a period of time. Individual modules may locally suspend the use of a key without reporting the suspension beyond the users of the module. A suspended key may be restored to an active state at a later time. A suspended key is suspended for all use unless re-activated. Eventually the suspended key is either activated or deactivated. • Revoked1 • A revoked key is permanently taken out of service and will eventually be de-activated. If the integrity or secrecy of the key is suspect, the compromised key may be revoked. Revoked keys are reported in a certificate revocation list or by some equivalent mechanism. Revoked keys are typically revoked for all use. A revoked key can only transition to the deactivated state. • Destroyed • The key is destroyed so that it cannot be recovered. Even though the key no longer exists in this state, certain key attributes (e.g., key identifier, type, transition times and cryptoperiod) are retained. Unique attributes that may still exist (e.g. Name) may be reused. • Shredded • A Shredded key is completely removed including all key attributes such that no remnants of the key exist except in logged information. This releases globally unique attributes (e.g., UUID back into a re-usable condition. 1 Definitions taken from or based in part on state model in NIST Draft SP800-130 dated June 15, 2010 (provided by Elaine Barker)
New Transitions and Descriptions 1 Definitions wholly or based in part on state model in NIST Draft SP800-130 dated June 15, 2010 (provided by Elaine Barker)
To Be Done • A State Definition Profile that expands on the existing NIST SP800-57 Part 1 (current release) document • Existing states may need to be updated (e.g. Destroyed) • Define all transitions (existing and new) • Update specification with new enumerations • Update profiles as required