
pkcs11-comment message



Subject: General comments on Public Review Draft 01


Hello all,

I did not have enough time to read all the documents carefully but here are some of my findings. I hope there will be another public review that I will be able to join right on time.

[PKCS11-base]
*******************************
01. Chapter 4.6.2 contains abbreviation "CDF" that is not present in Definitions (chapter 1.2).
02. Chapter 4.8 states that "The encodings for the subjectPublicKey field are specified in the description of the public key types in the appropriate [Mechanisms] document ...", but as it was already stated in other thread specifications of the subjectPublicKey field are missing in [PKCS11-curr].
03. Reference "[Mechanisms]" in chapter 4.8 seems to be undefined.
04. Maybe it could be clarified in chapter 4.12.2 what is the difference between calling C_GetMechanismList() and searching for mechanism objects? Should the results of these operations be the same?

[PKCS11-curr]
*******************************
05. Maybe information that C_GetMechanismInfo() retrieves list of operations supported for a given mechanism by a particular token could be added in the second paragraph of chapter 2? It should be available in CK_MECHANISM_INFO.flags.
06. In chapter 2.1.2 and other multiple places there is a reference "Refer to [PKCS #11-Base] table 15 for footnotes". I believe it should be table 10 in v2.40.
07. Text in [PKCS11-curr] chapter 2.1.3 is inconsistent with the text in [PKCS11-base] chapter 4.9.1 which refers to "CKA_PUBLIC_EXPONENT" as mandatory for RSA private key objects. Maybe chapter 4.9.1 should be removed from [PKCS11-base] and merged into chapter 2.1.3 of [PKCS11-curr]?
08. Maybe chapter 2.1.15 could be merged with chapter 2.1.14 and similarly chapter 2.1.16 merged with chapter 2.1.17? They seem identical to me (unless there is something special about SHA-224 that I am missing).
09. Maybe headers of chapters 2.3.X could be unified. Currently some of them refer to "EC", others to "ECDSA", "Elliptic curve" etc.
10. Chapter 2.5 contains information generally useful for any wrapping/unwrapping mechanism. Maybe it could be moved before the chapter 2.1 that describes RSA mechanisms and/or it could be at least referenced in the sections describing any wrapping/unwrapping mechanism.
11. Mechanism CKM_AES_KEY_WRAP_PAD is defined in chapter 2.17 along with the statement "The mechanisms will accept an optional mechanism parameter as the Initialization vector...". This mechanism is referenced as a part of mechanisms CKM_RSA_AES_KEY_WRAP and CKM_ECDH_AES_KEY_WRAP but there is no member in CK_RSA_AES_KEY_WRAP_PARAMS and CK_ECDH_AES_KEY_WRAP_PARAMS structures that could hold IV for CKM_AES_KEY_WRAP_PAD. By quickly looking at RFC5649 I would say it refers to AES in ECB mode which does not need IV, but still I would like to check if this (no visible way to specify IV) was intended.

[PKCS11-ug]
*******************************
12. Chapter 1.1 contains reference [PKCS11-Spec] that seems to be undefined.
13. Chapter 7 states that "This document is intended to be informational only...". I am a little confused by this statement because [PKCS11-ug] contains very important information about fundamental design principles of Cryptoki libraries (session states, object visibility, login state sharing etc.). Is this intentional? I believe these design principles should be normative.
14. Sections 6.1 and 6.2 refer to PKCS#11 v2.11, which can be considered an external resource, but since v2.40 will be the first version published, distributed and archived by OASIS I would like to suggest including the full text in these chapters, so potential readers find information in one well defined place.

Hope it helps.

--
Kind Regards

Jaroslav Imrich
www.pkcs11interop.net
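
As background to comment 11, the following added example (not part of the original message or of the PKCS #11 drafts) builds the default Alternative Initial Value that RFC 5649 defines for AES key wrap with padding and runs the integrity checks a recipient applies after unwrapping. The function names and the sample key are constructed for illustration, and no AES operation is performed here.

```python
import struct

AIV_PREFIX = bytes.fromhex("A65959A6")  # fixed high 32 bits of the RFC 5649 AIV


def build_aiv(key_len: int) -> bytes:
    """AIV = A65959A6 || MLI, where MLI is the key length in octets (32-bit big-endian)."""
    if not 1 <= key_len < 2**32:
        raise ValueError("key length out of range")
    return AIV_PREFIX + struct.pack(">I", key_len)


def pad_key(key: bytes) -> bytes:
    """Zero-pad the key to a multiple of 8 octets (one 64-bit semiblock)."""
    return key + b"\x00" * (-len(key) % 8)


def wrap_input(key: bytes):
    """Return (aiv, padded_key, mode): everything fed to AES, derived from the key alone."""
    padded = pad_key(key)
    # One semiblock: AIV || P is encrypted as a single AES block in ECB mode.
    # Otherwise the RFC 3394 wrapping process runs with the AIV in place of its IV.
    mode = "single AES-ECB block" if len(padded) == 8 else "RFC 3394 wrap with AIV"
    return build_aiv(len(key)), padded, mode


def check_unwrapped(aiv: bytes, padded: bytes) -> bytes:
    """Apply the RFC 5649 checks to the unwrapped AIV and data; return the key or raise."""
    if len(aiv) != 8 or aiv[:4] != AIV_PREFIX:
        raise ValueError("AIV prefix mismatch")
    n = len(padded) // 8
    (mli,) = struct.unpack(">I", aiv[4:])
    if n < 1 or len(padded) % 8 or not 8 * (n - 1) < mli <= 8 * n:
        raise ValueError("MLI inconsistent with wrapped length")
    if any(padded[mli:]):
        raise ValueError("non-zero padding octets")
    return padded[:mli]


if __name__ == "__main__":
    sample_key = bytes(range(20))  # constructed 20-octet key, not a real secret
    aiv, padded, mode = wrap_input(sample_key)
    print(aiv.hex().upper(), len(padded), mode)
    print(check_unwrapped(aiv, padded) == sample_key)
```
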

