OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute

On 12.06.2013 18:52, Michael StJohns wrote:
> On 6/12/2013 4:01 AM, Stef Walter wrote:
>> On 28.05.2013 11:13, Stef Walter wrote:
>>> This defines a new boolean attribute CKA_DESTROYABLE. Currently it is
>>> ambiguous whether CKA_MODIFIABLE objects are destroyable with
>>> C_DestroyObject.
>> <snip>
>>> | o CKR_NOT_DESTROYABLE: An attempt was made to destroy an object
>>> |   which is may not be destroyed.
>> Related to this. It does not seem that there is a clear CKR_xxx error
>> code for when C_SetAttributeValue is called on an object with
> Wouldn't you return CKR_ATTRIBUTE_READ_ONLY in this case?

Yes, perhaps. It is a misleading error code though. There is a semantic
difference between an object that is not modifiable, and attributes that
are read-only on an object.

Even if we don't change this, we should document CKR_ATTRIBUTE_READ_ONLY
as the error code to return in the case of CKA_MODIFIABLE = CK_FALSE.
Currently it's left as an exercise to the reader.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]