RE: [pkcs11] Is it time to drop ECDSA references in the standard?

All,

I support removal of the deprecated items. The major release of PKCS#11 3.0 is the best moment for doing so.

Thanks,

Dieter

From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org] On Behalf Of Tim Hudson
Sent: Samstag, 18. November 2017 23:49
To: pkcs11@lists.oasis-open.org
Subject: Re: [pkcs11] Is it time to drop ECDSA references in the standard?

If we are going to look at removing items that have been deprecated (a reasonable idea IMHO), then we should remove all deprecated items which would be the following list (just from a quick look at pkcs11t.h):

#define CKK_ECDSA 0x00000003UL /* Deprecated */

#define CKK_CAST5 0x00000018UL /* Deprecated */

#define CKA_ECDSA_PARAMS 0x00000180UL /* Deprecated */

#define CKA_SECONDARY_AUTH 0x00000200UL /* Deprecated */

#define CKA_AUTH_PIN_FLAGS 0x00000201UL /* Deprecated */

#define CKM_CAST5_CBC 0x00000322UL /* Deprecated */

#define CKM_CAST5_MAC 0x00000323UL /* Deprecated */

#define CKM_CAST5_MAC_GENERAL 0x00000324UL /* Deprecated */

#define CKM_CAST5_CBC_PAD 0x00000325UL /* Deprecated */

#define CKM_PBE_MD5_CAST5_CBC 0x000003A4UL /* Deprecated */

#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5UL /* Deprecated */

#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040UL /* Deprecated */

CK_AES_GCM_PARAMS /* Deprecated. Use CK_GCM_PARAMS */

CK_AES_CCM_PARAMS /* Deprecated. Use CK_CCM_PARAMS */

Of those items CKA_SECONDARY_AUTH and CKA_AUTH_PIN_FLAGS are the only ones which are not a simple renaming (i.e. there is another name for precisely the same concept).

From a header file perspective we could introduce a define that allows deprecated items to be included (if we don't simply want to remove them).

Keeping deprecated items which were deprecated (most of them) 17 years ago seems unnecessary.

Tim.

On Sat, Nov 18, 2017 at 11:54 PM, Johnson Darren <darren.johnson@gemalto.com> wrote:

Hi

the EC section of the standard continuously makes allowances for the older ECDSA data types that was deprecated in v2.11. For example

EC (also related to ECDSA) public…

key type CKK_EC or CKK_ECDSA …

CKA_EC_PARAMS^1,3(CKA_ECDSA_PARAMS)

The CKA_EC_PARAMS or CKA_ECDSA_PARAMS attribute…

creating an EC (ECDSA) public key object…

denoted CKM_EC_KEY_PAIR_GEN or CKM_ECDSA_KEY_PAIR_GEN,…

and so on…

Given that this is a major revision of the standard (v3.0), is now a good time to remove all the text that references these deprecated values? The deprecated values should be left in the header files, but I don’t see the need to keep them alive in the standard.

It is mostly an editorial change to delete the extra text. I have no problem writing up a proposal to make the editors job easier. But I thought I would poll the group to see if there is any appetite for this type of clean up.

Thanks

Darren

This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.

pkcs11 message