
pkcs11 message



Subject: Re: [pkcs11] pkcs11-global-objects.docx: CKA_GLOBAL


On 7/3/2013 3:23 AM, Oscar K So Jr. wrote:
Michael,

What does CKA_GLOBAL really mean?

For example, does it mean that when a PKCS#11 object has CKA_GLOBAL=<whatever value>, such a PKCS#11 object can be "operated" within the tokens under one HSM?

Sorry - I'm having problems understanding what you mean by the question.  Let me take a try at it.

CKA_GLOBAL is just another classifier attribute - probably closest to CKA_CLASS in the way it might be used. Existing token objects are all within the domain of the token user (e.g. they go away when the token is re-initialized, or when the session ends). This provides a marker mechanism to mark objects with scope that's closer to the token implementation rather than to a specific token instantiation (e.g. to associate them with the life cycle between manufacture and destruction rather than the part of the life cycle between calls to C_InitToken and C_Zeroize).

If you look at the documentation for the Trusted Platform Module you'll see descriptions of keys and objects that belong to the TPM rather than to any individual using the TPM (e.g. the Endorsement Key and the EK Certificate, the platform certificate, etc).  There is no current way in PKCS11 of getting similar semantics or objects.

Mike




Thanks,
Oscar









On 06/26/13 02:45 PM, Michael StJohns wrote:
Submitter's message
This was formerly section 2 of pkcs11-global-values-v2.docx. It consists of a description of some number of objects that might be created using the CKA_GLOBAL convention.

This is not an active proposal at this time. If CKA_GLOBAL is approved and either CKM_SEAL_KEY or CKM_CERTIFY_KEY are approved as a work item, sections of this document will be proposed as pseudo-objects for inclusion in the spec.
-- Michael StJohns
Document Name: pkcs11-global-objects.docx


Submitter: Michael StJohns
Group: OASIS PKCS 11 TC
Folder: Working Drafts
Date submitted: 2013-06-26 14:44:59



-- 

Best,
Oscar


