Re: Request for vendor defined mechanism allocation

["Chakrabarti, Somesh" <someshc@amazon.com>]

Thank you for the response.

 

The new mechanism we want to expose is for AES GCM â it will prepend the internally generated IV to the ciphertext and enforce that pIV in the CK_GCM_PARAMS struct is set to NULL so that user expectations are clearly set. I have not yet searched the PKCS11 3.0 specification for something equivalent.

Somesh

 

From: "Fenwick, Valerie" <valerie.fenwick@intel.com>
Date: Tuesday, May 21, 2019 at 10:40 AM
To: "Chakrabarti, Somesh" <someshc@amazon.com>, "pkcs11-comment@lists.oasis-open.org" <pkcs11-comment@lists.oasis-open.org>
Subject: RE: Request for vendor defined mechanism allocation

 

Hi Somesh â

 

We donât reserve ranges of vendor defined mechanisms, other than what range they can be in. That is, 2 separate vendors may use the same IDs, which require the applications to understand what libraries they are calling into and the expected behavior.

 

What are the mechanisms for? We have many new mechanisms coming out in PKCS#11 v3.0 and you may find your needs are already met by the standard.

 

Thank you,

 

Valerie

 

From: pkcs11-comment@lists.oasis-open.org <pkcs11-comment@lists.oasis-open.org> On Behalf Of Chakrabarti, Somesh
Sent: Monday, May 20, 2019 4:23 PM
To: pkcs11-comment@lists.oasis-open.org
Subject: [pkcs11-comment] Request for vendor defined mechanism allocation

 

Dear PKCS11 committee and members,

 

We want to reserve a block of vendor defined mechanism codes for AWS CloudHSM. Can you please let us know what is required to do this?

 

Thank you,

Somesh Chakrabarti

Sr Security Engineer, AWS CloudHSM