Subject: Re: [pkcs11] pkcs11-global-objects.docx: CKA_GLOBAL
On 7/3/2013 3:23 AM, Oscar K So Jr. wrote:
Michael,

Sorry - I'm having problems understanding what you mean by the question. Let me take a try at it.

CKA_GLOBAL is just another classifier attribute - probably closest to CKA_CLASS in the way it might be used. Existing token objects are all within the domain of the token user (e.g. they go away when the token is re-initialized, or when the session ends). This provides a marker mechanism to mark objects with scope that's closer to the token implementation rather than to a specific token instantiation (e.g. to associate them with the life cycle between manufacture and destruction rather than the part of the life cycle between calls to C_InitToken and C_Zeroize).

If you look at the documentation for the Trusted Platform Module you'll see descriptions of keys and objects that belong to the TPM rather than to any individual using the TPM (e.g. the Endorsement Key and the EK Certificate, the platform certificate, etc.). There is no current way in PKCS11 of getting similar semantics or objects.

Mike