
Subject: RE: [pkcs11] Is it time to drop ECDSA references in the standard?



I support removal of the deprecated items. The major release of PKCS#11 3.0 is the best moment for doing so.





From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org] On Behalf Of Tim Hudson
Sent: Saturday, 18 November 2017 23:49
To: pkcs11@lists.oasis-open.org
Subject: Re: [pkcs11] Is it time to drop ECDSA references in the standard?


If we are going to look at removing items that have been deprecated (a reasonable idea IMHO), then we should remove all deprecated items, which would be the following list (just from a quick look at pkcs11t.h):


#define CKK_ECDSA                 0x00000003UL /* Deprecated */
#define CKK_CAST5                 0x00000018UL /* Deprecated */
#define CKA_ECDSA_PARAMS          0x00000180UL /* Deprecated */
#define CKA_SECONDARY_AUTH        0x00000200UL /* Deprecated */
#define CKA_AUTH_PIN_FLAGS        0x00000201UL /* Deprecated */
#define CKM_CAST5_CBC             0x00000322UL /* Deprecated */
#define CKM_CAST5_MAC             0x00000323UL /* Deprecated */
#define CKM_CAST5_MAC_GENERAL     0x00000324UL /* Deprecated */
#define CKM_CAST5_CBC_PAD         0x00000325UL /* Deprecated */
#define CKM_PBE_MD5_CAST5_CBC     0x000003A4UL /* Deprecated */
#define CKM_PBE_SHA1_CAST5_CBC    0x000003A5UL /* Deprecated */
#define CKM_ECDSA_KEY_PAIR_GEN    0x00001040UL /* Deprecated */




Of those items, CKA_SECONDARY_AUTH and CKA_AUTH_PIN_FLAGS are the only ones which are not a simple renaming (i.e. there is another name for precisely the same concept).


From a header file perspective we could introduce a define that allows deprecated items to be included (if we don't simply want to remove them).


Keeping deprecated items which were deprecated (most of them) 17 years ago seems unnecessary. 





On Sat, Nov 18, 2017 at 11:54 PM, Johnson Darren <darren.johnson@gemalto.com> wrote:


The EC section of the standard continuously makes allowances for the older ECDSA data types that were deprecated in v2.11. For example:


EC (also related to ECDSA) public…

key type CKK_EC or CKK_ECDSA



creating an EC (ECDSA) public key object…


and so on…


Given that this is a major revision of the standard (v3.0), is now a good time to remove all the text that references these deprecated values?  The deprecated values should be left in the header files, but I don’t see the need to keep them alive in the standard.


It is mostly an editorial change to delete the extra text.  I have no problem writing up a proposal to make the editors' job easier.  But I thought I would poll the group to see if there is any appetite for this type of cleanup.






Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Malte Pollmann (Chairman) CEO, Dr. Frank J. Nellissen CFO
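
The thread notes that most of the deprecated names are simple renames. As an added example (not part of the thread and not code from pkcs11t.h), the following C sketch scans application source for the deprecated identifiers listed above, matching whole identifiers only, so that code can be checked before the names are dropped. The replacement names are the current pkcs11t.h names for the same values; the function names and the sample input are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

struct rename { const char *old_name, *new_name; };

/* Deprecated names listed in the thread. Replacements are the current
 * pkcs11t.h names; NULL marks the two that are not simple renames. */
static const struct rename RENAMES[] = {
    {"CKK_ECDSA", "CKK_EC"}, {"CKK_CAST5", "CKK_CAST128"},
    {"CKA_ECDSA_PARAMS", "CKA_EC_PARAMS"}, {"CKA_SECONDARY_AUTH", NULL},
    {"CKA_AUTH_PIN_FLAGS", NULL}, {"CKM_CAST5_CBC", "CKM_CAST128_CBC"},
    {"CKM_CAST5_MAC", "CKM_CAST128_MAC"},
    {"CKM_CAST5_MAC_GENERAL", "CKM_CAST128_MAC_GENERAL"},
    {"CKM_CAST5_CBC_PAD", "CKM_CAST128_CBC_PAD"},
    {"CKM_PBE_MD5_CAST5_CBC", "CKM_PBE_MD5_CAST128_CBC"},
    {"CKM_PBE_SHA1_CAST5_CBC", "CKM_PBE_SHA1_CAST128_CBC"},
    {"CKM_ECDSA_KEY_PAIR_GEN", "CKM_EC_KEY_PAIR_GEN"},
};

/* Constructed sample input, not taken from any real application. */
static const char SAMPLE[] =
    "CK_KEY_TYPE kt = CKK_ECDSA;\n"
    "CK_MECHANISM m = { CKM_CAST5_MAC_GENERAL, NULL, 0 };\n"
    "CK_ATTRIBUTE a = { CKA_SECONDARY_AUTH, &v, sizeof v };\n"
    "int CKK_ECDSA_LOCAL = 0; /* longer identifier, not a hit */\n";

static int is_ident(int c) { return isalnum(c) || c == '_'; }

/* Match one whole identifier of length len against the table. */
const struct rename *find_deprecated(const char *id, size_t len) {
    for (size_t i = 0; i < sizeof RENAMES / sizeof RENAMES[0]; i++)
        if (strlen(RENAMES[i].old_name) == len &&
            memcmp(RENAMES[i].old_name, id, len) == 0)
            return &RENAMES[i];
    return NULL;
}

/* Count deprecated identifiers in C source text; *no_rename receives how
 * many have no renamed equivalent. Comments and strings are scanned too. */
size_t count_deprecated(const char *src, size_t *no_rename) {
    size_t hits = 0;
    *no_rename = 0;
    while (*src) {
        if (!is_ident((unsigned char)*src)) { src++; continue; }
        const char *start = src;
        while (is_ident((unsigned char)*src)) src++;
        const struct rename *r = find_deprecated(start, (size_t)(src - start));
        if (r) { hits++; if (!r->new_name) (*no_rename)++; }
    }
    return hits;
}
```

Matching whole identifiers matters here because CKM_CAST5_MAC is a prefix of CKM_CAST5_MAC_GENERAL; a plain substring search would report the wrong replacement.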
