Subject: Re: [pkcs11] C_ChangeLabel/C_ClearToken




On 06/07/13 12:46, Tim Hudson wrote:
On 8/06/2013 5:27 AM, Dina Kurktchi wrote:
     Making the token name available as a HW object could be done,
     but it seems a "heavy" approach.  It feels simpler, less prone
     to issues, to modify the single field in the token info struct.

Dina - nice clear write up!

My initial thoughts from reading that stream of information are that you
really want to just have a C_UpdateTokenInfo/C_SetTokenInfo call that
takes the CK_SLOT_ID and current CK_TOKEN_INFO and applies whatever
modifications the token supports to that information which may be none,
just the label, or whatever else is allowed to be changed by the
implementation. The same could be applied to the slot details with a
C_UpdateSlotInfo/C_SetSlotInfo - for exactly the same reasons as wanting
to update that information without having to re-setup slots for those
devices where slots are dynamic (and created via an API call).

Emails crossed paths, just saw this.

Yes, the *idea* is what I want, with whatever else it takes to
prevent me(!) from crafting a compromised token, copying your
token's name onto mine, and then zapping/changing the label on
your token.


Adding in a new HW object to handle this seems like a rather strange way
to approach things - and referencing the HW clock for a model is a
stretch - that's a very different concept than the label on a token. It
always seemed to me that there was a reluctance to add new functions
into the API which is why some items have ended up handled the way they
have.

I'm not sure this is a v2.40 item however; but if it is tackled I would
lean towards the simple C_SetTokenInfo(CK_SLOT_ID slotID,
CK_TOKEN_INFO_PTR pInfo) as the right sort of fit for what we currently
have in the API.

Tim.


And I'm open to that too.

D.
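
An added sketch, not part of the thread and not from any PKCS #11 implementation, of how a module could implement the proposed C_SetTokenInfo so that only the label changes and only for a logged-in SO. The reduced CK_TOKEN_INFO, the slot table, the set_label helper, the SO requirement and the choice of return codes are all assumptions made for illustration.

```c
#include <string.h>

/* Reduced stand-ins for the PKCS #11 types; only the fields this sketch needs. */
typedef unsigned long CK_ULONG, CK_RV, CK_SLOT_ID;
typedef unsigned char CK_UTF8CHAR;
typedef struct {
    CK_UTF8CHAR label[32];        /* blank padded, not NUL terminated */
    CK_UTF8CHAR serialNumber[16]; /* blank padded */
    CK_ULONG    flags;
} CK_TOKEN_INFO;
typedef CK_TOKEN_INFO *CK_TOKEN_INFO_PTR;

#define CKR_OK                  0x000UL
#define CKR_SLOT_ID_INVALID     0x003UL
#define CKR_ARGUMENTS_BAD       0x007UL
#define CKR_ATTRIBUTE_READ_ONLY 0x010UL
#define CKR_USER_NOT_LOGGED_IN  0x101UL

/* Hypothetical per-slot state kept by the module. */
struct slot { CK_TOKEN_INFO info; int so_logged_in; };
static struct slot slots[2];

/* Hypothetical helper: copy a C string into a 32-byte blank-padded label. */
void set_label(CK_UTF8CHAR *dst, const char *s) {
    size_t n = strlen(s);
    if (n > 32) n = 32;
    memset(dst, ' ', 32);
    memcpy(dst, s, n);
}

/* Proposed call from the thread: caller passes the current info with edits. */
CK_RV C_SetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) {
    if (slotID >= sizeof slots / sizeof slots[0]) return CKR_SLOT_ID_INVALID;
    if (pInfo == NULL) return CKR_ARGUMENTS_BAD;
    struct slot *s = &slots[slotID];
    /* A difference outside the label is a field this token keeps fixed
       (return code chosen for the sketch). */
    if (memcmp(pInfo->serialNumber, s->info.serialNumber, 16) != 0 ||
        pInfo->flags != s->info.flags)
        return CKR_ATTRIBUTE_READ_ONLY;
    if (memcmp(pInfo->label, s->info.label, 32) == 0) return CKR_OK; /* no change */
    /* Assumed policy: relabeling needs the SO, as C_InitToken does. */
    if (!s->so_logged_in) return CKR_USER_NOT_LOGGED_IN;
    memcpy(s->info.label, pInfo->label, 32);
    return CKR_OK;
}
```
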
