OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11] Proposal: Define CKA_JAVA_MIDP_SECURITY_DOMAIN constants

Hi Stef -

My take is the general model is that CK_XXX is used for typedefs and structs, while CKx_XXX is used for value enumerations. The fact that the OTP stuff did this differently is an interesting point of information, but not compelling - it actually has a few "type"ing problems - see below.

CKV_xxx might not be the correct prefix, but there are a number of these small enumerations that need to go somewhere and ideally not at the top level, but grouped and defined under an enum-like type definition.

How about CKCC_XXX for certificate categories and CKCM_XXX for midp security domains?

Add CK_JAVA_MIDP_SECURITY_DOMAIN as a typedef for CK_ULONG (identified by CKCM_XXX), add CK_CERTIFICATE_CATEGORY as a typedef for CK_ulong (identified by CKCM_xxx), update the appropriate tables with that type. (table 24 for midp, table 23 for certificate category).

For the OTP stuff, there probably needs to be a few changes -

Move the CK_OTP_FORMAT* values under CKPF_* and type that as a CK_OTP_FORMAT enum Move the CK_OTP_PARAM* values under CKPP_* and type that as a CK_OTP_PARAM enum
(Update table 86 to reflect those changes - specifically the data type).

I don't have strong feelings on this, but if we're going to throw away the enum model, we should do it with eyes wide open.


On 6/24/2013 10:45 AM, Stef Walter wrote:
Changed to use 'CK_XXXX' instead of 'CKV_' for the constant prefix. This
is similar to the new OTP constants and other other odds and ends
constants we have.



9.4 Object types

*** new item to be added
|   CK_JAVA_MIDP_SECURITY_DOMAIN is a value that identifies the Java
|   MIDP security domain of a certificate. It is defined as follows:
|   For this version of Cryptoki, the following security domains
|   are defined. See the Java MIDP specification for further
|   information.
| |-----------------------------------------------------------------|
| | Constant                         | Value | Meaning              |
| |-----------------------------------------------------------------|
| | CK_SECURITY_DOMAIN_UNSPECIFIED  | 0UL   | No domain specified   |
| | CK_SECURITY_DOMAIN_MANUFACTURER | 1UL   | Manufacturer          |
| |                                 |       | protection domain     |
| | CK_SECURITY_DOMAIN_OPERATOR     | 2UL   | Operator protection   |
| |                                 |       | domain                |
| | CK_SECURITY_DOMAIN_THIRD_PARTY  | 3UL   | Third party           |
| |                                 |       | protection domain     |
| |-----------------------------------------------------------------|

10.6.3  X.509 public key certificate objects

*** table row to be updated
|                                                     security domain.
|                             (default CK_SECURITY_DOMAIN_UNSPECIFIED)

A  Manifest Constants

*** Lines to be added
| #define CK_SECURITY_DOMAIN_OPERATOR                 2UL
| #define CK_SECURITY_DOMAIN_THIRD_PARTY              3UL

To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]