OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute

On 6/12/2013 2:00 PM, Stef Walter wrote:
On 12.06.2013 19:45, Michael StJohns wrote:
On 6/12/2013 1:15 PM, Stef Walter wrote:
Wouldn't you return CKR_ATTRIBUTE_READ_ONLY in this case?
Yes, perhaps. It is a misleading error code though. There is a semantic
difference between an object that is not modifiable, and attributes that
are read-only on an object.
Fair comment.  I think I'm agnostic on adding a new code - either way

Even if we don't change this, we should document CKR_ATTRIBUTE_READ_ONLY
as the error code to return in the case of CKA_MODIFIABLE = CK_FALSE.
Currently it's left as an exercise to the reader.
If you add a new code or want to add this caveat, it probably needs to
go into section 7.1.2.  If you add a new code, we'll need text for 8.1.6
as well as an updated list of error codes for C_CopyObject.

[And apparently we forgot to do that for CKR_COPY_PROHIBITED - let me
see if I can propose a paragraph for inclusion]
I wonder if we should use the same code in both places, that is:

#define CKA_NOT_PERMITTED    0x0000001A

And deprecate CKR_COPY_PROHIBITED ... If it has already been part of a
spec revision. It's not in the latest headers. So may just be replaceable.

Yup. None of the changes made in 2.30 are in the header files. The original intent was to pass 30 day public review and then issue them. Oops. That suggests we need to do a sweep of the changes from 2.20a3 to 2.30 and see if there are any items that need to be added into the header files.

Anyway, the error code denotes that the primary action to be taken by
the called function (C_SetAttributeValue, C_CopyObject, C_DestroyObject)
is not permitted due to a policy flag (ie: CKA_MODIFIABLE, CKA_COPYABLE,
and CKA_DESTROYABLE respectively).

Its Section 8.1.6 blurb might look like:

CKR_NOT_PERMITTED:  This value can only be returned by C_CopyObject,
C_SetAttributeValue and C_DestroyObject. It denotes that the action may
not be taken, either because of underlying policy restrictions on the
token, or because the object has the the relevant CKA_COPYABLE,

I don't have any objection to this. I'd probably call it CKR_ACTION_PROHIBITED though. I'd probably add a blurb for CKA_COPY_PROHIBITED and say "Same error code as .... Use that one instead of this one.".

If this seems like a good approach, I'd be happy to dress this up into
proposal form.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]