Re: [Uri-review] PKCS#11 URI registration request review

Larry Masinter <masinter@adobe.com> Mon, 04 March 2013 10:37 UTC

From: Larry Masinter <masinter@adobe.com>
To: Jan Pechanec <jan.pechanec@oracle.com>
Date: Mon, 4 Mar 2013 02:37:04 -0800
Cc: "Darren.Moffat@oracle.com" <Darren.Moffat@oracle.com>, "uri-review@ietf.org" <uri-review@ietf.org>
Subject: Re: [Uri-review] PKCS#11 URI registration request review

>	please let me know if the explanation above answers the concerns 
> you raised and whether you think I need to update the draft accordingly.

I think you've given ample material; if you update the draft and
get re-review that would be great, I think.

> -----Original Message-----
> From: Jan Pechanec [mailto:jan.pechanec@oracle.com]
> Sent: Tuesday, February 12, 2013 8:48 AM
> To: Larry Masinter
> Cc: uri-review@ietf.org; Darren.Moffat@oracle.com
> Subject: RE: [Uri-review] PKCS#11 URI registration request review
> 
> On Mon, 11 Feb 2013, Larry Masinter wrote:
> 
> >It's completely unclear to me what advantage you get from having this
> >stuff packed into a URI rather than some XML/JSON data structure, which
> >would more easily address the I18N and other issues. It seems like the
> >applicability of this "scheme" is to fit into a "URI" slot in some
> >protocol that doesn't need to be a URI but just some other kind of
> >Identifier.
> 
> 	 hi, while we don't want to limit its use, the primary objective
> is to use it as a simple string-based user-defined public/private key or
> an X.509 certificate identifier directly used by an application
> supporting PKCS#11 tokens. I can see that Darren already gave an example
> of its use in ZFS crypto in his reply.
> 
> 	to address the I18N concern, the PKCS#11 specification allows
> UTF8 in most of the fields used in the scheme so we must support it, and
> while it would be easier to deal with it in XML/JSON, experience shows
> that it's not much of a concern as plain ASCII is being used while users
> benefit from the simple string format.
> 
> 	I expect that the most common use of the identifier will be as a
> parameter value on a command line. To give you an idea what applications
> (and libraries) have already adopted it and use it as defined in the
> draft, there is a list of those I know of:
> 
> GnuTLS
> 	- GNU Transport Layer Security Library
> 	- www.gnutls.org
> Gnome
> 	- by gnome-keyring since version 3.3.5
> 	- http://developer.gnome.org/gck/3.6/gck-PKCS11-URIs.html
> p11-kit
> 	- kit for unification of PKCS#11 modules
> 	- http://cgit.freedesktop.org/p11-glue/p11-kit
> OpenSC
> 	- tools and libraries for smart cards
> 	- https://www.opensc-project.org/opensc
> 	- via p11-kit
> Solaris 11
> 	- for referencing keys in ZFS filesystem encryption
> 	- SunSSH to reference keys/certs used in the X.509 based
> 	  authentication
> OpenConnect
> 	- client for Cisco's AnyConnect SSL VPN
> 	- http://www.infradead.org/openconnect/
> 	- via p11-kit
> 
> 	Google search shows other communities or projects discussing or
> planning to use the scheme:
> 
> Fedora
> 	https://fedoraproject.org/wiki/PackagingDrafts/PKCS11
> GnuPG
> 	via GnuTLS
> 
> >I'm willing to believe there's a justification and that the document
> >just doesn't give it.
> 
> 	please let me know if the explanation above answers the concerns
> you raised and whether you think I need to update the draft accordingly.
> 
> 	regards, Jan.
> 
> 
> >> -----Original Message-----
> >> From: uri-review-bounces@ietf.org [mailto:uri-review-bounces@ietf.org] On Behalf Of Jan Pechanec
> >> Sent: Friday, February 08, 2013 5:29 PM
> >> To: uri-review@ietf.org
> >> Cc: Darren.Moffat@oracle.com
> >> Subject: Re: [Uri-review] PKCS#11 URI registration request review
> >>
> >> On Sat, 26 Jan 2013, Jan Pechanec wrote:
> >>
> >> 	hi, the section 5.2 of RFC 4395 notes "Allow a reasonable time
> >> for discussion and comments. Four weeks is reasonable for a permanent
> >> registration requests."
> >>
> >> 	I will wait for two more weeks if there is any feedback (which
> >> would be greatly appreciated) to make it 4 weeks in total, and if there
> >> is none I will continue with the next step, which is the submission to
> >> iana@iana.org.
> >>
> >> 	regards, Jan.
> >>
> >> >	hello,
> >> >
> >> >	in accordance with section "5.2. Registration Procedures" of RFC
> >> >4395 "Guidelines and Registration Procedures for New URI Schemes", I
> >> >respectfully request a review for our planned permanent registration
> >> >request of the PKCS#11 URI as specified in the following I-D:
> >> >
> >> >	http://tools.ietf.org/html/draft-pechanec-pkcs11uri-08
> >> >
> >> >	the registration template is attached.
> >> >
> >> >	best regards, Jan Pechanec
> >> >
> >> >
> >>
> >> --
> >> Jan Pechanec
> >> http://blogs.oracle.com/janp
> >
> 
> --
> Jan Pechanec <jan.pechanec@oracle.com>