Subject: RE: [pkcs11-comment] CKA_WRAP_WITH_TRUSTED and changing its value
Thanks Daniel for getting back to me on this. I have been doing a lot of testing of various PKCS#11 tokens over the last few years – and this is one of the issues I came up with.

If I find any other issues, have you an approx. timescale by which issues for 3.2 need to be submitted?

Regards

John

From: Daniel Minder <Daniel.Minder@utimaco.com>

John,

Thanks for bringing up this issue. The PKCS #11 Technical Committee has discussed it and approves the following response:

The PKCS #11 Technical Committee has identified several unclarities with respect to the changeability of an attribute – and CKA_WRAP_WITH_TRUSTED is just one of them. For example, is there a difference between footnote 8 and mentioning the ability to modify a certain attribute in the text? There should be a uniform way to specify this. Since PKCS #11 standard 3.1 does not accept new contributions, necessary rework is pushed to version 3.2, which will start soon.

Kind regards,
Daniel

From: pkcs11-comment@lists.oasis-open.org <pkcs11-comment@lists.oasis-open.org> On Behalf Of john.hughes@secid.co.uk

I am testing lots of different devices and tokens against PKCS#11 2.40. Progressing well – but something has come up that I don’t quite understand about the standard – and this pertains to version 3.0.

I note the role of note 8 in table 10 – together with the nuances involving notes 11 and 12.

One of my test groups goes through different object types and establishes what attributes can be get and set with C_GetAttributeValue and C_SetAttributeValue and seeing if the correct CK_RV code is returned. This in particular is important when trying to change an attribute value when it doesn’t have note 8 assigned from table 10.

The weird thing concerns the CKA_WRAP_WITH_TRUSTED attribute – which doesn’t have a note 8 associated with it – although it has a note 11.

All the other attributes that have either note 11 or note 12 assigned to them – also have a note 8. Meaning that the attribute can be changed. This pertains to CKA_EXTRACTABLE and CKA_SENSITIVE.

But because CKA_WRAP_WITH_TRUSTED doesn’t have a note 8 on it – then it can’t be changed and a CKR_ATTRIBUTE_READ_ONLY error should be returned.

So my question is whether CKA_WRAP_WITH_TRUSTED should have a note 8 assigned to it – or is having note 11 assigned to be not needed and the attribute value can only be set on object creation.

John