<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:29:48 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-53056] Call KMIP Deactivate when rotating encryption keys</title>
                <link>https://jira.mongodb.org/browse/SERVER-53056</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;When a Master key is rotated by the MongoDB Enterprise using the command&lt;/p&gt;
&lt;pre&gt;mongod --enableEncryption --kmipRotateMasterKey \
 --kmipServerName &amp;lt;KMIP Server HostName&amp;gt; \
 --kmipServerCAFile ca.pem --kmipClientCertificateFile client.pem&lt;/pre&gt;
&lt;p&gt;the KMIP Client in it does not deactivate the master key which it was using prior to the rotation and the old key is left as a stale entry in the server.&lt;/p&gt;

&lt;p&gt;Also, please confirm if it has to be removed ideally or whether it&apos;s retained for any specific reason.&lt;/p&gt;

&lt;p&gt;Added content from &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-53055&quot; title=&quot;Master keys not activated in KMIP server by MongoDB Enterprise&amp;#39;s KMIP Client&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-53055&quot;&gt;&lt;del&gt;SERVER-53055&lt;/del&gt;&lt;/a&gt;:&lt;/p&gt;

&lt;p&gt;Only two KMIP operations listed below are performed by the KMIP Client in MongoDB Enterprise.&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Create&lt;/li&gt;
	&lt;li&gt;Get&lt;/li&gt;
&lt;/ul&gt;
</description>
                <environment></environment>
        <key id="1550823">SERVER-53056</key>
            <summary>Call KMIP Deactivate when rotating encryption keys</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="10038" iconUrl="https://jira.mongodb.org/images/icons/subtask.gif" description="">Backlog</status>
                    <statusCategory id="2" key="new" colorName="default"/>
                                    <resolution id="-1">Unresolved</resolution>
                                        <assignee username="backlog-server-security">Backlog - Security Team</assignee>
                                    <reporter username="sreekarthik.ramalingam@appviewx.com">Sreekarthik Ramalingam</reporter>
                        <labels>
                    </labels>
                <created>Tue, 24 Nov 2020 12:24:46 +0000</created>
                <updated>Tue, 6 Dec 2022 01:43:22 +0000</updated>
                                                                            <component>Security</component>
                                        <votes>0</votes>
                                    <watches>7</watches>
                                                                                                                <comments>
                            <comment id="3547537" author="sara.williamson" created="Mon, 4 Jan 2021 19:23:30 +0000"  >&lt;p&gt;Hi Sreekarthik,&lt;/p&gt;

&lt;p&gt;Thank you for filing this ticket. We will consider it alongside &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-23607&quot; title=&quot;Call KMIP Activate when creating new encryption keys&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-23607&quot;&gt;&lt;del&gt;SERVER-23607&lt;/del&gt;&lt;/a&gt;.&lt;/p&gt;</comment>
                            <comment id="3509441" author="eric.sedor" created="Mon, 30 Nov 2020 22:36:59 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=sreekarthik.ramalingam%40appviewx.com&quot; class=&quot;user-hover&quot; rel=&quot;sreekarthik.ramalingam@appviewx.com&quot;&gt;sreekarthik.ramalingam@appviewx.com&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;Thanks for writing. We are tracking the need to call activate in &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-23607&quot; title=&quot;Call KMIP Activate when creating new encryption keys&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-23607&quot;&gt;&lt;del&gt;SERVER-23607&lt;/del&gt;&lt;/a&gt;. Rather than close this ticket as a duplicate of that ticket, I&apos;m going to preserve the original emphasis on deactivation in this ticket, and will pass this on to an appropriate team for consideration.&lt;/p&gt;

&lt;p&gt;Gratefully,&lt;br/&gt;
Eric&lt;/p&gt;</comment>
                            <comment id="3508255" author="JIRAUSER1257762" created="Mon, 30 Nov 2020 15:11:20 +0000"  >&lt;p&gt;Team,&lt;/p&gt;

&lt;p&gt;Please change the subject of the ticket to: &quot;&lt;b&gt;Master keys in KMIP Server are neither activated before using them for Cryptographic operations, nor deactivated after a key rotation&lt;/b&gt;&quot;, as activation of the Master Keys gains more prominence than deactivation.&lt;/p&gt;</comment>
                            <comment id="3508233" author="JIRAUSER1257762" created="Mon, 30 Nov 2020 15:03:03 +0000"  >&lt;p&gt;&lt;a href=&quot;https://docs.oasis-open.org/kmip/kmip-spec/v2.0/os/kmip-spec-v2.0-os.html#_Toc6497510&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;OASIS spec for KMIP&lt;/a&gt; clearly states that objects existing in &lt;b&gt;Pre Active&lt;/b&gt; state should not be used for any Cryptographic purposes, but the KMIP Client in MongoDB Enterprise just performs a &lt;b&gt;Create&lt;/b&gt; operation and does not perform &lt;b&gt;Activate&lt;/b&gt; operation but uses the Symmetric Key in &lt;b&gt;Pre Active&lt;/b&gt; state for encryption/decryption of data encryption keys.&lt;/p&gt;

&lt;p&gt;&lt;span class=&quot;image-wrap&quot; style=&quot;&quot;&gt;&lt;img src=&quot;https://jira.mongodb.org/secure/attachment/289194/289194_Screenshot+from+2020-11-30+20-30-02.png&quot; style=&quot;border: 0px solid black&quot; /&gt;&lt;/span&gt;&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                            <attachment id="289194" name="Screenshot from 2020-11-30 20-30-02.png" size="111636" author="sreekarthik.ramalingam@appviewx.com" created="Mon, 30 Nov 2020 15:01:13 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_12751" key="com.atlassian.jira.plugin.system.customfieldtypes:multiselect">
                        <customfieldname>Assigned Teams</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="25129"><![CDATA[Server Security]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 27 Nov 2020 00:31:49 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        3 years, 5 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>alexander.golin@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            3 years, 5 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>backlog-server-security</customfieldvalue>
            <customfieldvalue>eric.sedor@mongodb.com</customfieldvalue>
            <customfieldvalue>sara.williamson@mongodb.com</customfieldvalue>
            <customfieldvalue>sreekarthik.ramalingam@appviewx.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hyiuyf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hy4u67:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="5522">Security 2021-11-15</customfieldvalue>
    <customfieldvalue id="5523">Security 2021-11-29</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                    <customfieldvalue><![CDATA[eric.sedor@mongodb.com]]></customfieldvalue>
    

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hyih7r:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>