OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute

On 12.06.2013 21:35, Tim Hudson wrote:
> On 13/06/2013 5:23 AM, Stef Walter wrote:
>> On 12.06.2013 21:22, Tim Hudson wrote:
>>>> I wonder if we should use the same code in both places, that is:
>>>> #define CKA_NOT_PERMITTED    0x0000001A
>>> Absolutely definitely not something I would suggest makes sense. 
>>> If we see the need to have a separate name for an error code then it SHALL be a separate value. 
>>> Aliases for error codes is not a sensible path IMHO.
>> This is deprecating the CKA_COPY_PROHIBITED because it was part of
>> PKCS#11 v2.30. There's no need for separate error codes.
> That isn't "deprecation" ... any existing example should continue to
> work - we should not be reusing codes (the space for codes is not
> something where we are under sufficient resource constraints that we
> need to carefully monitor each addition). That applies to all the use of
> codes (attribute numbers, mechanism numbers, error codes, flags, etc).

So, to clarify ... what are you proposing here? One of the the following?

 a) C_SetAttributeValue and C_DestroyObject should return one error
    code when the action is not permitted (ie: CKR_ACTION_PROHIBITED),
    and C_CopyObject should return another (ie: CKR_COPY_PROHIBITED).

 b) C_SetAttributeValue, C_DestroyObject and C_CopyObject should each
    return different error codes when the action is not permitted.

 c) something else entirely...



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]