Re: [Uri-review] PKCS#11 URI registration request review
Jan Pechanec <jan.pechanec@oracle.com> Tue, 12 February 2013 16:47 UTC
Date: Tue, 12 Feb 2013 08:48:03 -0800
From: Jan Pechanec <jan.pechanec@oracle.com>
To: Larry Masinter <masinter@adobe.com>
Cc: "Darren.Moffat@oracle.com" <Darren.Moffat@oracle.com>, "uri-review@ietf.org" <uri-review@ietf.org>

On Mon, 11 Feb 2013, Larry Masinter wrote:

>It's completely unclear to me what advantage you get from having this
>stuff packed into a URI rather than some XML/JSON data structure, which
>would more easily address the I18N and other issues. It seems like the
>applicability of this "scheme" is to fit into a "URI" slot in some
>protocol that doesn't need to be a URI but just some other kind of
>Identifier.

	hi, while we don't want to limit its use, the primary objective
is to use it as a simple string-based user-defined public/private key or
an X.509 certificate identifier directly used by an application
supporting PKCS#11 tokens. I can see that Darren already gave an example
of its use in ZFS crypto in his reply.

	to address the I18N concern, the PKCS#11 specification allows
UTF8 in most of the fields used in the scheme so we must support it, and
while it would be easier to deal with it in XML/JSON, experience shows
that it's not much of a concern as plain ASCII is being used while users
benefit from the simple string format. I expect that the most common
use of the identifier will be as a parameter value on a command line.

	To give you an idea what applications (and libraries) have
already adopted it and use it as defined in the draft, there is a list
of those I know of:

GnuTLS
	- GNU Transport Layer Security Library
	- www.gnutls.org

Gnome
	- by gnome-keyring since version 3.3.5
	- http://developer.gnome.org/gck/3.6/gck-PKCS11-URIs.html

p11-kit
	- kit for unification of PKCS#11 modules
	- http://cgit.freedesktop.org/p11-glue/p11-kit

OpenSC
	- tools and libraries for smart cards
	- https://www.opensc-project.org/opensc
	- via p11-kit

Solaris 11
	- for referencing keys in ZFS filesystem encryption
	- SunSSH to reference keys/certs used in the X.509 based
	  authentication

OpenConnect
	- client for Cisco's AnyConnect SSL VPN
	- http://www.infradead.org/openconnect/
	- via pk11-kit

Google search shows other communities or projects discussing or planning
to use the scheme:

Fedora
	https://fedoraproject.org/wiki/PackagingDrafts/PKCS11

GnuPG
	via GnuTLS

>I'm willing to believe there's a justification and that the document
>just doesn't give it.

	please let me know if the explanation above answers the concerns
you raised and whether you think I need to update the draft accordingly.

	regards, Jan.

>> -----Original Message-----
>> From: uri-review-bounces@ietf.org [mailto:uri-review-bounces@ietf.org] On
>> Behalf Of Jan Pechanec
>> Sent: Friday, February 08, 2013 5:29 PM
>> To: uri-review@ietf.org
>> Cc: Darren.Moffat@oracle.com
>> Subject: Re: [Uri-review] PKCS#11 URI registration request review
>>
>> On Sat, 26 Jan 2013, Jan Pechanec wrote:
>>
>> 	hi, the section 5.2 of RFC 4395 notes "Allow a reasonable time
>> for discussion and comments. Four weeks is reasonable for a permanent
>> registration requests."
>>
>> 	I will wait for two more weeks if there is any feedback (which
>> would be greatly appreciated) to make it 4 weeks in total, and if there
>> is none I will continue with the next step, which is the submission to
>> iana@iana.org.
>>
>> 	regards, Jan.
>>
>> >	hello,
>> >
>> >	in accordance with section "5.2. Registration Procedures" of RFC
>> >4395 "Guidelines and Registration Procedures for New URI Schemes", I
>> >respectfully request a review for our planned permanent registration
>> >request of the PKCS#11 URI as specified in the following I-D:
>> >
>> >	http://tools.ietf.org/html/draft-pechanec-pkcs11uri-08
>> >
>> >	the registration template is attached.
>> >
>> >	best regards, Jan Pechanec
>> >
>> >
>>
>> --
>> Jan Pechanec
>> http://blogs.oracle.com/janp
>> _______________________________________________
>> Uri-review mailing list
>> Uri-review@ietf.org
>> https://www.ietf.org/mailman/listinfo/uri-review
>

--
Jan Pechanec <jan.pechanec@oracle.com>
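
Added example, not part of the message above and not code from any project it names: a strict parser for a pkcs11: string taken from a command line, showing how a UTF-8 token label travels percent-encoded inside an otherwise ASCII identifier. It assumes the attribute syntax of RFC 7512, the later published form of this scheme (draft-08 attribute names may differ); the sample URI and the choice to reject every repeated attribute name are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: RFC 7512 syntax, "pkcs11:" path-attrs (";") [ "?" query-attrs ("&") ].
# "id" carries raw CKA_ID octets; every other value here is treated as UTF-8 text.
BINARY_ATTRS = {"id"}
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")

# Constructed sample: token label "Klíč" percent-encoded as UTF-8 octets.
SAMPLE = ("pkcs11:token=Kl%C3%AD%C4%8D;object=my-key;id=%01%ff"
          "?pin-source=file:/etc/token_pin")

def _attrs(part, sep):
    out = {}
    for item in part.split(sep) if part else []:
        name, eq, raw = item.partition("=")
        if not name or not eq:
            raise ValueError(f"malformed attribute: {item!r}")
        if name in out:  # stricter than necessary: no repeats at all
            raise ValueError(f"repeated attribute: {name}")
        if BAD_ESCAPE.search(raw):
            raise ValueError(f"malformed percent-escape in {name}")
        octets = unquote_to_bytes(raw)
        try:
            out[name] = octets if name in BINARY_ATTRS else octets.decode("utf-8")
        except UnicodeDecodeError:
            raise ValueError(f"{name} is not valid UTF-8") from None
    return out

def parse_pkcs11_uri(uri):
    """Return (path_attrs, query_attrs) with percent-escapes decoded."""
    if not uri.isascii():
        raise ValueError("non-ASCII input; UTF-8 must be percent-encoded")
    if not uri.startswith("pkcs11:"):
        raise ValueError("not a pkcs11: URI")
    path, _, query = uri[len("pkcs11:"):].partition("?")
    return _attrs(path, ";"), _attrs(query, "&")

def is_valid(uri):
    try:
        parse_pkcs11_uri(uri)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    print(parse_pkcs11_uri(SAMPLE))
```

Rejecting raw non-ASCII, broken escapes and repeated names before the string reaches the PKCS#11 layer keeps two tools from resolving the same argument to different keys.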