Subject: Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute
On 12.06.2013 21:35, Tim Hudson wrote:
> On 13/06/2013 5:23 AM, Stef Walter wrote:
>> On 12.06.2013 21:22, Tim Hudson wrote:
>>>> I wonder if we should use the same code in both places, that is:
>>>>
>>>> #define CKA_NOT_PERMITTED 0x0000001A
>>>> #define CKA_COPY_PROHIBITED CKR_NOT_PERMITTED
>>> Absolutely definitely not something I would suggest makes sense.
>>> If we see the need to have a separate name for an error code then it SHALL be a separate value.
>>> Aliases for error codes is not a sensible path IMHO.
>> This is deprecating the CKA_COPY_PROHIBITED because it was part of
>> PKCS#11 v2.30. There's no need for separate error codes.
>
> That isn't "deprecation" ... any existing example should continue to
> work - we should not be reusing codes (the space for codes is not
> something where we are under sufficient resource constraints that we
> need to carefully monitor each addition). That applies to all the use of
> codes (attribute numbers, mechanism numbers, error codes, flags, etc).

So, to clarify ... what are you proposing here? One of the following?

a) C_SetAttributeValue and C_DestroyObject should return one error code when the action is not permitted (ie: CKR_ACTION_PROHIBITED), and C_CopyObject should return another (ie: CKR_COPY_PROHIBITED).

b) C_SetAttributeValue, C_DestroyObject and C_CopyObject should each return different error codes when the action is not permitted.

c) something else entirely...

Cheers,

Stef