Re: [saag] PKCS#11 URI slot attributes & last call

Nico Williams <nico@cryptonector.com> Wed, 31 December 2014 04:12 UTC

In-Reply-To: <alpine.GSO.2.00.1412301453260.4549@keflavik>
References: <20141218004717.GN9443@localhost> <alpine.GSO.2.00.1412171704530.4549@keflavik> <20141218012300.GP9443@localhost> <alpine.GSO.2.00.1412172154150.14405@rejewski> <1418900792.7577.5.camel@gnutls.org> <5492B941.3030408@Oracle.COM> <30738721-F5A2-4485-84AC-573AD9113699@oxy.edu> <20141220000456.GC12662@localhost> <alpine.GSO.2.00.1412192326150.22104@keflavik> <alpine.GSO.2.00.1412292240250.1509@keflavik> <20141230081415.GH24442@localhost> <alpine.GSO.2.00.1412301453260.4549@keflavik>
Date: Tue, 30 Dec 2014 22:12:02 -0600
Message-ID: <CAK3OfOigzaY1M24xAzez3ep-aUR65OUML5A=awck8H5DzNOZPQ@mail.gmail.com>
Subject: Re: [saag] PKCS#11 URI slot attributes & last call
From: Nico Williams <nico@cryptonector.com>
To: Jan Pechanec <jan.pechanec@oracle.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/E-mmMl_wec9fCY23gYKRVsJ3yN8
Cc: Darren J Moffat <Darren.Moffat@oracle.com>, Shawn Emery <shawn.emery@oracle.com>, "ietf@ietf.org" <ietf@ietf.org>
List-Id: IETF-Discussion <ietf.ietf.org>

On Tue, Dec 30, 2014 at 5:07 PM, Jan Pechanec <jan.pechanec@oracle.com> wrote:
> On Tue, 30 Dec 2014, Nico Williams wrote:
>>As to how to say anything about this, here's what comes to mind:
>>
>>   Given a PKCS#11 URI template [RFC6570], an application MAY support
>>   listing URIs of PKCS#11 resources such that the resulting URIs can
>>   later be used to access the same resources if the template captured
>>   the necessary context.
>
>         I like the use of the templates.  I just quickly read through
> the RFC.  It looks like, for example, when generating a key pair, the
> application could support a default template with empty variables
> which would be used to optionally list a URI based on the
> CK_OBJECT_HANDLE of the generated key pair.  And it could accept a
> different one to override the default.  As mentioned above, I'd like
> to explicitly express that URI list is context specific.  I slightly
> modified the paragraph above:
>
>         When listing URIs of PKCS#11 resources the exact set of
>         attributes used in a URI is inherently context specific.  A
>         PKCS#11 URI template [RFC6570] support MAY be provided by a
>         URI generating application to list URIs to access the same
>         resource(s) again if the template captured the necessary
>         context.

Excellent.

>         I think we wouldn't need to say more about the matter.

Agreed.

Nico
--
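
Added example, not part of the original message or of the draft under discussion: a sketch of listing PKCS#11 URIs from an RFC 6570 template, showing what "if the template captured the necessary context" means in practice. It assumes Level 1 simple string expansion only, the path attribute names token, object and type from the PKCS#11 URI scheme, and constructed sample objects; the function names are hypothetical.

```python
import re
from urllib.parse import quote

# Constructed sample data: two private keys with the same label on
# different tokens (attribute values are made up for illustration).
OBJECTS = [
    {"token": "Soft Token", "object": "my key", "type": "private"},
    {"token": "Smart Card #2", "object": "my key", "type": "private"},
]

# Two hypothetical templates: one omits the token, one captures it.
NARROW = "pkcs11:object={object};type={type}"
FULL = "pkcs11:token={token};object={object};type={type}"


def expand(template, variables):
    """RFC 6570 Level 1 expansion: replace {var} with its value,
    percent-encoding everything outside the unreserved set.
    Undefined variables expand to the empty string."""
    def sub(match):
        value = variables.get(match.group(1))
        return "" if value is None else quote(str(value), safe="")
    return re.sub(r"\{([A-Za-z0-9_]+)\}", sub, template)


def list_uris(template, objects):
    """Produce one URI per resource using the given template."""
    return [expand(template, obj) for obj in objects]


def ambiguous(uris):
    """Return the URIs that more than one listed resource expanded to,
    i.e. URIs that cannot be used to get back to a single resource."""
    seen, dup = set(), set()
    for uri in uris:
        (dup if uri in seen else seen).add(uri)
    return sorted(dup)


if __name__ == "__main__":
    for name, tmpl in (("narrow", NARROW), ("full", FULL)):
        uris = list_uris(tmpl, OBJECTS)
        print(name, uris, "ambiguous:", ambiguous(uris))
```

With the narrow template both keys list as the same URI, so the listing cannot be used later to reach the same resource; the template that includes the token keeps them distinct.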