Re: [pkcs11] fwd: CKM_PKCS5_PBKD2_PARAMS struct: password length

[Tim Hudson <tjh@cryptsoft.com>]

On 12/04/2013 7:04 AM, Michael StJohns wrote:
> On 4/11/2013 4:47 PM, Tim Hudson wrote:
>> And that approach misses the point that we have a mess - the current
>> mechanism as realised in actual implementation is non-interoperable
>> from the point of view of the consumers of PKCS11.
>>
>> It needs to be fixed. Now is the time to fix it. We are making
>> changes - this is v2.40 - not v2.30 or v2.20.
>>
>> It is not a no-impact change from the point of view of users - it is
>> leaving the current impact (non-interoperable) in place - and the
>> point of PKCS11 is to have interoperability. 
>
> And you're missing the point that on my laptop I have header files
> from at least three different vendors including the PKCS11 from Java
> that have the values as they currently exist in the 2.20 header
> files.  You're saying - just fix the header file and the text so its a
> CK_ULONG.

And I've got three vendors who have changed it and two who have just
placed a long and not used it as a pointer on one test configuration here.

It's a mess. It needs fixing. Multiple vendors have indicated they
corrected the clear mistake in the header files - leaving it alone is
basically not a sensible option.

Anyone currently using that mechanism is non-interoperable.

I'm saying in PKCS11 v2.30 we can fix this - it is a new version - and
we have not as a committee elected to make no changes and to require
completely binary compatibility with previous (non-OASIS) versions.

Tim.