[ksk-rollover] Needless to say, like anything else, there is a tradeoff
Billie Gan
ganbillie at gmail.com
Sun Aug 6 14:34:52 UTC 2023
<div dir="ltr">There is not much you can do with the existing keys but
still, KMIP is something to consider going forward if one is concerned
about vendor lock-ins.<div>Needless to say, like anything else, there
is a tradeoff.</div><div><br></div><div>Cheers!</div><div>T.</div></div><br><div
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jul 31,
2023 at 11:23 PM Jakob Schlyter via ksk-rollover <<a href="mailto:
ksk-rollover at icann.org">ksk-rollover at icann.org
</a>> wrote:<br></div><blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">On 2023-07-31 at 14:53, Frederico A
C Neves via ksk-rollover wrote:<br>
<br>
> From our experience besides admin interfaces, standard APIs for<br>
> regular operations, generating keys, sign, verify etc... are available<br>
> (PKCS#11/KMIP) from multiple vendors. But exporting/importing a key,<br>
> specially with the no-export attribute set, among vendors is not<br>
> available.<br>
<br>
I concur; moving keys not marked as CKA_EXTRACTABLE (at time of
generation) is generally not supported (due to FIPS requirements).<br>
<br>
    jakob<br>
<br>
-- <br>
Jakob Schlyter<br>
Kirei AB - <a href="http://www.kirei.se" rel="noreferrer" target="_blank">
www.kirei.se</a><br>
_______________________________________________<br>
ksk-rollover mailing list<br>
<a href="mailto:ksk-rollover at icann.org" target="_blank">
ksk-rollover at icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/ksk-rollover
" rel="noreferrer" target="_blank">
https://mm.icann.org/mailman/listinfo/ksk-rollover</a><br>
<br>
_______________________________________________<br>
By submitting your personal data, you consent to the processing of
your personal data for purposes of subscribing to this mailing list
accordance with the ICANN Privacy Policy (<a href="
https://www.icann.org/privacy/policy" rel="noreferrer" target="_blank">
https://www.icann.org/privacy/policy
</a>) and the website Terms of Service (<a href="
https://www.icann.org/privacy/tos" rel="noreferrer" target="_blank">
https://www.icann.org/privacy/tos
</a>). You can visit the Mailman link above to change your membership
status or configuration, including unsubscribing, setting digest-style
delivery or disabling delivery altogether (e.g., for a vacation), and
so on.<br>
</blockquote></div>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/ksk-rollover/attachments/20230806/5d608041/attachment.html>
More information about the ksk-rollover
mailing list