[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute
On 6/12/2013 1:15 PM, Stef Walter wrote:
Wouldn't you return CKR_ATTRIBUTE_READ_ONLY in this case?Yes, perhaps. It is a misleading error code though. There is a semantic difference between an object that is not modifiable, and attributes that are read-only on an object.
Fair comment. I think I'm agnostic on adding a new code - either way works.
Even if we don't change this, we should document CKR_ATTRIBUTE_READ_ONLY as the error code to return in the case of CKA_MODIFIABLE = CK_FALSE. Currently it's left as an exercise to the reader.
If you add a new code or want to add this caveat, it probably needs to go into section 7.1.2. If you add a new code, we'll need text for 8.1.6 as well as an updated list of error codes for C_CopyObject.
[And apparently we forgot to do that for CKR_COPY_PROHIBITED - let me see if I can propose a paragraph for inclusion]