Re: PKCS#11 URI slot attributes & last call
Nico Williams <nico@cryptonector.com> Wed, 31 December 2014 07:03 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BD521A8A94; Tue, 30 Dec 2014 23:03:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.334
X-Spam-Level: *
X-Spam-Status: No, score=1.334 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uW9DXNmaEjjs; Tue, 30 Dec 2014 23:03:35 -0800 (PST)
Received: from homiemail-a32.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id E8D0B1A8A8D; Tue, 30 Dec 2014 23:03:34 -0800 (PST)
Received: from homiemail-a32.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a32.g.dreamhost.com (Postfix) with ESMTP id 8888E584065; Tue, 30 Dec 2014 23:03:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to:content-transfer-encoding; s= cryptonector.com; bh=N4mmWNknQi5g41zd4s+OVw1iBKg=; b=m2freedPunC o2G6v6IqnN5i6ElCB/FkD/Q7gk4Bd6ShH6MsoW7KIWm1Ci55AdsekgQSUjMXauCh qyBYsioKLwpSpJ4tfawcJHKFI7G62KxX3SAWirEA5Aq+Q5+AEYwuhD4XTyTh1IIz PLiFKq6u+NpxoUeXDPYONA4045i1CurI=
Received: from localhost (108-207-244-174.lightspeed.austtx.sbcglobal.net [108.207.244.174]) (Authenticated sender: nico@cryptonector.com) by homiemail-a32.g.dreamhost.com (Postfix) with ESMTPA id 09733584064; Tue, 30 Dec 2014 23:03:33 -0800 (PST)
Date: Wed, 31 Dec 2014 01:03:33 -0600
From: Nico Williams <nico@cryptonector.com>
To: Patrik Fältström <paf@frobbit.se>
Subject: Re: PKCS#11 URI slot attributes & last call
Message-ID: <20141231070328.GK24442@localhost>
References: <alpine.GSO.2.00.1412161359100.4549@keflavik> <CAB6OCMvGxT99cGGBSBbz=XU2+F1xRzBa97z6dY-qPSJk1GWXyQ@mail.gmail.com> <20141217230150.GB9443@localhost> <alpine.GSO.2.00.1412171513520.4549@keflavik> <CAK3OfOjnRCmiu-TKCJ-AFanpCsqnw1o2w_EC2AKMUnQ2A4DqVw@mail.gmail.com> <alpine.GSO.2.00.1412292234010.1509@keflavik> <CAK3OfOgm_ZYj-rY+4ExZzY8KY4G3rz2KLrZ8hQJi7ZUR4yiP0Q@mail.gmail.com> <alpine.GSO.2.00.1412300946340.4549@keflavik> <CAK3OfOha9qu=uDtqwDTdV78waLMaorYq0T6cq1YX3VzQn2OpKA@mail.gmail.com> <A4CC6CEC-D17E-4235-B615-9D2AD88096D4@frobbit.se>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
In-Reply-To: <A4CC6CEC-D17E-4235-B615-9D2AD88096D4@frobbit.se>
User-Agent: Mutt/1.5.21 (2010-09-15)
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/3NfeLNPIfNwgAK96-IfxyE7p6TE
Cc: Darren J Moffat <Darren.Moffat@oracle.com>, "saag@ietf.org" <saag@ietf.org>, Jan Pechanec <jan.pechanec@oracle.com>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Dec 2014 07:03:36 -0000
On Wed, Dec 31, 2014 at 07:29:47AM +0100, Patrik Fältström wrote: > > On 30 dec 2014, at 20:53, Nico Williams <nico@cryptonector.com> wrote: > > Better say > > nothing, because I think the thing to do is obvious enough, but if we > > must say anything, it's that the various strings (e.g., token manuf) > > are to be compared normalization-insensitively. > > Sorry, but I have not heard the term "normalization-insensitively" before. > > Can you explain what you mean? Notionally, if you're comparing two unnormalized strings, you could normalize both then compare the two normalized strings. Of course, that can be inefficient (e.g., if it means allocating memory, of if they will prove not equal in the first few codepoints) or infeasible (e.g., if one of the strings is actually a hashed key to a hash table). What you can for the first case is compare code-unit by code-unit, with a fast path for the cases that need no normalization, and normalizing one character (but possibly multiple codepoints, of course) at a time. This limits the total memory consumption, and anyways, for the common case you can often expect an inequality result long before you're done traversing the shorter string. This is (can be, if you do it right), of course, equivalent to normalizing both strings then comparing -- but it should usually be much faster. For the second case the thing to do is to normalize the key at hash time, naturally. [ZFS, incidentally, supports this for filesystem object names, and has for years now.] Now, PKCS#11 nowadays supports UTF-8 for things like "token label", but it doesn't say anything about form -- why should it (see below)? But where PKCS#11 URIs are intended to _match_ PKCS#11 resources by name... apps will need to care about normalization. In practice, like a great many applications, doing nothing about normalization will probably work fine (until the day that it doesn't). But saying anything about this could be tricky: what if there are two tokens with equivalent labels, just in different forms? Fortunately PKCS#11 URIs can match on more attributes than labels, so there's that. PKCS#11 should say "don't do that" or "don't do that, normalize to NFC" (or NFD, whatever), but doesn't (or I didn't find where it does, if it does), so the most that this document could say is "compare normalization-insensitively where possible". Nico --
- Re: slot attributes & last call Nico Williams
- Re: PKCS#11 URI slot attributes & last call Nico Williams
- Re: slot attributes & last call Nico Williams
- Re: slot attributes & last call Nico Williams
- Re: slot attributes & last call Nico Williams
- Re: PKCS#11 URI slot attributes & last call Nikos Mavrogiannopoulos
- Re: [saag] PKCS#11 URI slot attributes & last call Stephen Farrell
- Re: slot attributes & last call Nico Williams
- Re: PKCS#11 URI slot attributes & last call Jan Pechanec
- Re: slot attributes & last call Darren J Moffat
- Re: PKCS#11 URI slot attributes & last call Darren J Moffat
- Re: slot attributes & last call Jan Pechanec
- Re: PKCS#11 URI slot attributes & last call Jan Pechanec
- Re: PKCS#11 URI slot attributes & last call Jan Pechanec
- Re: PKCS#11 URI slot attributes & last call Jan Pechanec
- Re: slot attributes & last call Jan Pechanec
- Re: PKCS#11 URI slot attributes & last call Jan Pechanec
- Re: slot attributes & last call Jaroslav Imrich
- Re: slot attributes & last call Jaroslav Imrich
- Re: slot attributes & last call Nikos Mavrogiannopoulos
- Re: slot attributes & last call Jan Pechanec
- Re: [saag] PKCS#11 URI slot attributes & last call Henry B (Hank) Hotz, CISSP
- Re: [saag] PKCS#11 URI slot attributes & last call Nico Williams
- Re: PKCS#11 URI slot attributes & last call Nico Williams
- Re: [saag] PKCS#11 URI slot attributes & last call Jan Pechanec
- Re: PKCS#11 URI slot attributes & last call Jan Pechanec
- Re: PKCS#11 URI slot attributes & last call Nico Williams
- Re: PKCS#11 URI slot attributes & last call Nico Williams
- Re: [saag] PKCS#11 URI slot attributes & last call Nico Williams
- Re: PKCS#11 URI slot attributes & last call Patrik Fältström
- Re: PKCS#11 URI slot attributes & last call Nico Williams
- Re: PKCS#11 URI slot attributes & last call Patrik Fältström
- NF* (Re: PKCS#11 URI slot attributes & last call) Nico Williams
- Re: NF* (Re: PKCS#11 URI slot attributes & last c… Patrik Fältström
- Re: NF* (Re: PKCS#11 URI slot attributes & last c… Nico Williams
- Re: NF* (Re: PKCS#11 URI slot attributes & last c… Patrik Fältström
- Re: NF* (Re: PKCS#11 URI slot attributes & last c… Nico Williams
- i18n requirements (was: Re: NF* (Re: PKCS#11 URI … John C Klensin
- Re: i18n requirements (was: Re: NF* (Re: PKCS#11 … Nico Williams
- Re: PKCS#11 URI slot attributes & last call Jan Pechanec
- Re: [saag] PKCS#11 URI slot attributes & last call Jan Pechanec
- Re: [saag] PKCS#11 URI slot attributes & last call Nico Williams
- Re: PKCS#11 URI slot attributes & last call Jan Pechanec
- Re: PKCS#11 URI slot attributes & last call Jan Pechanec
- Re: [saag] PKCS#11 URI slot attributes & last call Jan Pechanec
- Re: i18n requirements (was: Re: NF* (Re: PKCS#11 … Nico Williams
- Re: i18n requirements (was: Re: NF* (Re: PKCS#11 … Patrik Fältström
- Re: i18n requirements (was: Re: NF* (Re: PKCS#11 … John C Klensin
- Re: i18n requirements (was: Re: NF* (Re: PKCS#11 … Patrik Fältström
- Re: i18n requirements (was: Re: NF* (Re: PKCS#11 … Nico Williams
- Re: i18n requirements (was: Re: NF* (Re: PKCS#11 … Jan Pechanec
- Re: NF* (Re: PKCS#11 URI slot attributes & last c… Jan Pechanec
- Re: NF* (Re: PKCS#11 URI slot attributes & last c… Nico Williams
- Re: i18n requirements (was: Re: NF* (Re: PKCS#11 … Jan Pechanec
- Re: [saag] i18n requirements (was: Re: NF* (Re: P… Jan Pechanec
- RE: [saag] i18n requirements (was: Re: NF* (Re: P… Christian Huitema
- RE: [saag] i18n requirements (was: Re: NF* (Re: P… Jan Pechanec
- Re: [saag] i18n requirements (was: Re: NF* (Re: P… Jaroslav Imrich
- Re: i18n requirements (was: Re: NF* (Re: PKCS#11 … Jan Pechanec
- Re: i18n requirements (was: Re: NF* (Re: PKCS#11 … Jan Pechanec
- Re: i18n requirements (was: Re: NF* (Re: PKCS#11 … John C Klensin
- My IESG Eval for draft-pechanec-pkcs11uri-19 (Was… Pete Resnick
- Re: My IESG Eval for draft-pechanec-pkcs11uri-19 … John C Klensin