Re: [Uri-review] PKCS#11 URI registration request review

Darren J Moffat <Darren.Moffat@Oracle.COM> Tue, 12 February 2013 10:12 UTC

On 02/11/13 23:07, Larry Masinter wrote:
> It's completely unclear to me what advantage you get from having this stuff packed into a URI rather than some XML/JSON data structure, which would more easily address the I18N and other issues.
> It seems like the applicability of this "scheme" is to fit into a "URI" slot in some protocol that doesn't need to be a URI but just some other kind of Identifier.


A URI is easily specified in a configuration file or a configuration 
property of something else.

We already use the PKCS#11 URI syntax in Solaris in a number of places.

Our PKCS#11 OpenSSL ENGINE uses it for locating RSA/DSA private keys in
PKCS#11 tokens.

You can use a PKCS#11 URI as the location of a wrapping key in a ZFS
dataset property.  XML/JSON would be highly inappropriate there, e.g.:

  # zfs create -o encryption=on \
    -o keysource='raw,pkcs11:token=KMS;object=MyKey'

Admins aren't going to hand craft XML/JSON in either of these cases.


> I'm willing to believe there's a justification and that the document just doesn't give it.
>
>
>
>> -----Original Message-----
>> From: uri-review-bounces@ietf.org [mailto:uri-review-bounces@ietf.org] On
>> Behalf Of Jan Pechanec
>> Sent: Friday, February 08, 2013 5:29 PM
>> To: uri-review@ietf.org
>> Cc: Darren.Moffat@oracle.com
>> Subject: Re: [Uri-review] PKCS#11 URI registration request review
>>
>> On Sat, 26 Jan 2013, Jan Pechanec wrote:
>>
>> 	hi, the section 5.2 of RFC 4395 notes "Allow a reasonable time
>> for discussion and comments. Four weeks is reasonable for a permanent
>> registration requests."
>>
>> 	I will wait for two more weeks if there is any feedback (which
>> would be greatly appreciated) to make it 4 weeks in total, and if there
>> is none I will continue with the next step, which is the submission to
>> iana@iana.org.
>>
>> 	regards, Jan.
>>
>>> 	hello,
>>>
>>> 	in accordance with section "5.2. Registration Procedures" of RFC
>>> 4395 "Guidelines and Registration Procedures for New URI Schemes", I
>>> respectfully request a review for our planned permanent registration
>>> request of the PKCS#11 URI as specified in the following I-D:
>>>
>>> 	http://tools.ietf.org/html/draft-pechanec-pkcs11uri-08
>>>
>>> 	the registration template is attached.
>>>
>>> 	best regards, Jan Pechanec
>>>
>>>
>>
>> --
>> Jan Pechanec
>> http://blogs.oracle.com/janp

-- 
Darren J Moffat
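
The keysource value quoted in the message above can be taken apart with a few lines of strict parsing, which is part of the appeal of a single-string identifier in a configuration property. This is an added example, not code from the message, the Internet-Draft or Solaris; the function names are hypothetical, and it assumes only the `;`-separated `name=value` form shown in the message, with text-valued, percent-encoded attributes.

```python
import re
from urllib.parse import unquote_to_bytes

# A '%' not followed by two hex digits is a malformed escape; reject it
# instead of passing it through silently.
_BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")


def _pct_decode(value):
    if _BAD_ESCAPE.search(value):
        raise ValueError(f"malformed percent-escape in {value!r}")
    # Assumption: attribute values are UTF-8 text (binary values not handled).
    return unquote_to_bytes(value).decode("utf-8")


def parse_pkcs11_uri(uri):
    """Split 'pkcs11:name=value;name=value' into a dict of decoded values."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    attrs = {}
    if not rest:
        return attrs
    for pair in rest.split(";"):
        name, eq, value = pair.partition("=")
        if not eq or not name:
            raise ValueError(f"malformed attribute: {pair!r}")
        if name in attrs:
            # Two 'token=' or 'object=' entries make the key ambiguous.
            raise ValueError(f"duplicate attribute: {name}")
        attrs[name] = _pct_decode(value)
    return attrs


def parse_keysource(value):
    """Split a 'format,locator' property value as seen in the zfs example."""
    fmt, sep, locator = value.partition(",")
    if not sep or not fmt:
        raise ValueError("expected 'format,locator'")
    return fmt, parse_pkcs11_uri(locator)


if __name__ == "__main__":
    # Constructed input: the property value from the message above.
    print(parse_keysource("raw,pkcs11:token=KMS;object=MyKey"))
```

Rejecting duplicate attributes and malformed escapes up front keeps a mistyped property from silently selecting a different key than the administrator intended.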