Re: [pkcs11] CKM_SEAL_KEY

[Tim Hudson <tjh@cryptsoft.com>]

On 11/07/2013 2:45 AM, Michael StJohns wrote:
> "Why" questions are some of the most insidious and useless ones for
> getting work done in standards.

Actually the "Why" questions are the most important ones to be asking in
developing a cooperative standard to ensure we have a common
understanding of both the problem being addressed and the problem
explicitly not being addressed.

PKCS11 goes across a whole range of devices (and problem domains) some
of which work well, some of which much less so - and noting which of
these are the problem area is important to figuring out the direction.

I've been advocating and encouraging looking at what vendors who
actually have tackled these issues have done and to contrast each vendor
approach to solving these problems as that is the richest sort of
information we have about what is actually being done with PKCS11 and
where the issues are. So far the main PKCS11 vendors who have gone
beyond the base specification haven't really spoken up - and encouraging
that needs to happen - or alternatively some of us will simply have to
start writing up generic proposals based on what has been done and
deployed elsewhere.

However all of these are topics to tackle *after* v2.40 is complete -
unless the group consensus has changed we are still focused on wrapping
up what is there and getting it into the format which is necessary for
OASIS with only minor tweaks.

I think the ballots just closed clearly show the group view on that
topic has not changed.

Tim.