Re: [pkcs11] C_ChangeLabel/C_ClearToken

[Tim Hudson <tjh@cryptsoft.com>]

On 10/06/2013 8:58 AM, Michael StJohns wrote:
> I really can't think of any reason why any information in this
> structure should be anything but read-only. 

The context is simply one where these are dynamically created items
(slot and tokens).
At the moment all vendors who have dynamic devices have to use
vendor-specific methods.

In that context all of the fields (other than perhaps the Version
fields) are settable.

Whether or not a particular device manufacturer lets a field be
specified or provides a default is up to the manufacturer and the
behaviour there varies.

This is how virtualisation/multi-tennacy/partitioning are handled - and
that is very much in active use at the high-end of the market.
These are not items which are particularly relevant for a single token
in a single slot.

It may be that all of these are post v2.40 items - however supporting a
standard way of handling this area does need to be tackled and if we are
going to start allowing renaming of tokens then we are moving away from
the fixed one-time set up model.

Tim.