Re: [pkcs11] Groups - Add KEM APIs to PKCS #11, Trust Objects draft 2

[Robert Relyea <rrelyea@redhat.com>]

On 2/14/23 12:14 PM, Michael Markowitz wrote:

A few more nits in pkcs11_key.pdf (assuming they havenât already been picked up)

    Thanks, fixing these kinds of things helps reduce the load on the
    editors (as well as reduce or review load on 3.2 when we move it to
    draft standard)!

Â

Section

1.2ÂÂÂÂÂÂÂÂ âCKA_ENCASPULATEâ Meaning entry in the table contains âused to inâ;

âcipher textâ should be one word

    Done

1.3.1 ÂÂÂ talks about a new âsecret key object,â but nowhere is the term âshared secretâ used; based on the recent draft-housley-lamps-cms-kemri-01, I think it would be wise to make this connection with âstandard terminologyâ somehow;

    The 'secret key object' here is the PKCS #11 object type (secret
    key), so it's a appropriate to keep this, I've tried to add
    additional text which identified the secret key object with the KEM
    'shared key'.

again âcipher textâ should be one word;

âand encapsulate operationâ should be âa prior encapsulate operation with the corresponding public keyâ (or something to that effect);

âthe theâ

    Thanks updated in draft 2.

Â

pkcs11_trust_object.pdf: Obvious nits are that fonts are inconsistent in the table of section 1.1.2 and that punctuation in the list of âfinal attributesâ on p. 5 varies as you go down the list; the list might be easier to read as a table.

Â

I did have some substantive suggestions for improving the text from âApplications choose whichââ on page 4 through âwith the trust objectâ on p. 5, but lost them in an Acrobat crash! I will try to resurrect that.

Â

-mjm

Â

Â