pkcs11 message

Subject: Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute

From: Tim Hudson <tjh@cryptsoft.com>
To: pkcs11@lists.oasis-open.org
Date: Thu, 13 Jun 2013 05:35:41 +1000

On 13/06/2013 5:23 AM, Stef Walter wrote:
> On 12.06.2013 21:22, Tim Hudson wrote:
>>> I wonder if we should use the same code in both places, that is:
>>>
>>> #define CKA_NOT_PERMITTED    0x0000001A
>>> #define CKA_COPY_PROHIBITED   CKR_NOT_PERMITTED
>> Absolutely definitely not something I would suggest makes sense. 
>> If we see the need to have a separate name for an error code then it SHALL be a separate value. 
>> Aliases for error codes is not a sensible path IMHO.
> This is deprecating the CKA_COPY_PROHIBITED because it was part of
> PKCS#11 v2.30. There's no need for separate error codes.

That isn't "deprecation" ... any existing example should continue to
work - we should not be reusing codes (the space for codes is not
something where we are under sufficient resource constraints that we
need to carefully monitor each addition). That applies to all the use of
codes (attribute numbers, mechanism numbers, error codes, flags, etc).

Tim.

Follow-Ups:
- Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute
  - From: Stef Walter <stefw@redhat.com>

References:
- Re: Proposal: New CKA_DESTROYABLE attribute
  - From: Stef Walter <stefw@redhat.com>
- Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute
  - From: Michael StJohns <msj@nthpermutation.com>
- Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute
  - From: Stef Walter <stefw@redhat.com>
- Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute
  - From: Michael StJohns <msj@nthpermutation.com>
- Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute
  - From: Stef Walter <stefw@redhat.com>
- Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute
  - From: Tim Hudson <tjh@cryptsoft.com>
- Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute
  - From: Stef Walter <stefw@redhat.com>