KMIP Support for PGP
• Things to take out
• Things to put in
Remove “PGP Certificate” (2.2.1)
• Certificate managed object can be of type “PGP”
• This classification makes no sense to anyone
Removal of PGP Certificate Type: Changes to KMIP Specification*
• Section 1.1 – Terminology
  • Remove PGP Certificate from Terminology list
  • Replace with a PGP Key and other appropriate PGP-related definitions
• Section 2.2.1 – Certificate
  • Remove third sentence of first paragraph, which discusses PGP certificates
  • Add appropriate deprecation text
• Section 3.8 – Certificate Type
  • Remove references to a PGP certificate type
  • Add appropriate deprecation text
• Section 3.13 – Certificate Issuer
  • Deprecated in v1.1; leave text as is?
• Section 3.14 – Certificate Subject
  • Deprecated in v1.1; leave text as is?
• Section 3.16 – Digital Signature Algorithm
  • Remove reference to PGP certificates in table
  • Replace with a reference to the new PGP Key object?
• Section 4.7 – Certify
  • Remove references to a PGP certificate type
  • Add appropriate deprecation text
• Section 4.8 – Re-Certify
  • Remove references to a PGP certificate type
  • Add appropriate deprecation text
• Section 9.1.3.2.6 – Certificate Type Enumeration
  • Remove the enumeration (00000002) for PGP
  • Add appropriate deprecation text
• Section 9.1.3.2.22 – Certificate Request Type Enumeration
  • Remove the enumeration (00000004) for PGP
  • Add appropriate deprecation text

* References to PGP certificates also need to be removed from other KMIP documents (e.g. Usage Guide, etc.)
Add PGP Key Type (2.2.x)
• A new object type
• A keyblock value (opaque blob)
• A version number (generally 3 or 4)
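As an added example (not part of this proposal or of any KMIP implementation), a server-side check that derives the proposed version number attribute from the opaque keyblock instead of trusting a client-supplied value; it assumes the keyblock is a binary OpenPGP packet stream framed as in RFC 4880, and the sample keyblocks are constructed, not real keys.

```python
import struct

PUBLIC_KEY, SECRET_KEY = 6, 5   # OpenPGP packet tags that carry key material

def _header(buf, i):
    """Return (tag, body_offset, body_length) for the packet header at buf[i]."""
    ctb = buf[i]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:                               # new-format header (RFC 4880 4.2.2)
        tag = ctb & 0x3F
        first = buf[i + 1]
        if first < 192:
            return tag, i + 2, first
        if first < 224:
            return tag, i + 3, ((first - 192) << 8) + buf[i + 2] + 192
        if first == 255:
            return tag, i + 6, struct.unpack(">I", buf[i + 2:i + 6])[0]
        raise ValueError("partial-body lengths are not supported here")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03    # old-format header (RFC 4880 4.2.1)
    if ltype == 3:
        raise ValueError("indeterminate length is not supported here")
    size = 1 << ltype                            # 1, 2 or 4 length octets
    length = int.from_bytes(buf[i + 1:i + 1 + size], "big")
    return tag, i + 1 + size, length

def pgp_key_version(keyblock: bytes) -> int:
    """Version (3 or 4) of the first key packet in a binary OpenPGP keyblock."""
    i = 0
    while i < len(keyblock):
        tag, off, length = _header(keyblock, i)
        if off + length > len(keyblock):
            raise ValueError("truncated packet")
        if tag in (PUBLIC_KEY, SECRET_KEY):
            version = keyblock[off] if length else None
            if version not in (3, 4):
                raise ValueError(f"unexpected key packet version {version}")
            return version
        i = off + length                         # skip signatures, user IDs, etc.
    raise ValueError("no key packet found in keyblock")

# Constructed sample (assumption, not a real key): a v4 public-key packet with an
# old-format header (0x99 = tag 6, two-octet length); body = version byte + filler.
V4_BODY = bytes([4]) + bytes(9)
SAMPLE_V4 = bytes([0x99]) + struct.pack(">H", len(V4_BODY)) + V4_BODY
# Constructed v3 secret-key packet behind a new-format header (0xC5 = tag 5).
V3_BODY = bytes([3]) + bytes(5)
SAMPLE_V3 = bytes([0xC5, len(V3_BODY)]) + V3_BODY
```

A keyblock whose first key packet reports a version other than 3 or 4, or whose packet framing is truncated, is rejected rather than stored with a guessed attribute.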
Add Alternative Name Attribute (3.y)
• Similar in structure to current Name
• Will have a type, suggested to follow the RFC 5280 types:
  • Unstructured
  • Email address
  • DNS name
  • URL
  • DN
  • IP address
• Will have a value
• Will not be unique across a key management domain
• Applicable to all managed objects
Add New Link Types (9.1.3.2.20)
• Parent
• Child
• Previous
• Next
• These can describe hierarchical and sibling relationships between keys.
• Open question about what to do with the Certificate link type: deprecate it in favour of Parent / Child, or keep it?