
pkcs11 message



Subject: FW: [pkcs11-comment] CKA_WRAP_WITH_TRUSTED and changing its value


All,

 

Here is my proposed answer to John’s mail on the PKCS11 comment list. IMO there is not much we can say now since we have not discussed the content with the TC.

 

I’ll try to prepare an overview of the various attributes and their restrictions (and how those are specified) soon to have a better picture.

 

Best,

Daniel

 

 

John,

 

Thanks for bringing up this issue.

 

The PKCS #11 Technical Committee has identified several unclarities with respect to the changeability of an attribute – and CKA_WRAP_WITH_TRUSTED is just one of them. For example, is there a difference between footnote 8 and mentioning the ability to modify a certain attribute in the text? There should be a uniform way to specify this.

 

Since PKCS #11 standard 3.1 does not accept new contributions, necessary rework is pushed to version 3.2, which will start soon.

 

Kind regards,

Daniel

 

From: pkcs11-comment@lists.oasis-open.org <pkcs11-comment@lists.oasis-open.org> On Behalf Of john.hughes@secid.co.uk
Sent: Friday, 15 January 2021 17:35
To: pkcs11-comment@lists.oasis-open.org
Subject: [pkcs11-comment] CKA_WRAP_WITH_TRUSTED and changing its value

 

I am testing lots of different devices and tokens against PKCS#11 2.40.

 

Progressing well – but something has come up that I don’t quite understand about the standard – and this pertains to version 3.0

 

I note the role of note 8 in table 10 – together with the nuances involving notes 11 and 12.

 

One of my test groups goes through different object types and establishes what attributes can be got and set with C_GetAttributeValue and C_SetAttributeValue and sees if the correct CK_RV code is returned.

 

This in particular is important when trying to change an attribute value when it doesn’t have note 8 assigned from table 10.

 

The weird thing concerns the CKA_WRAP_WITH_TRUSTED attribute – which doesn’t have a note 8 associated with it – although it has a note 11.

 

All the other attributes that have either note 11 or note 12 assigned to them – also have a note 8. Meaning that the attribute can be changed. This pertains to CKA_EXTRACTABLE and CKA_SENSITIVE.

 

But because CKA_WRAP_WITH_TRUSTED doesn’t have a note 8 on it – then it can’t be changed and a CKR_ATTRIBUTE_READ_ONLY error should be returned.

 

So my question is whether CKA_WRAP_WITH_TRUSTED should have a note 8 assigned to it – or is having note 11 assigned to be not needed and the attribute value can only be set on object creation?

 

John




Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Stefan Auerbach (Chairman) CEO, Malte Pollmann CSO, Martin Stamm CFO

This communication is confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Please inform us immediately and destroy the email.
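
Added example, not part of the thread or of the PKCS #11 specification: a small test oracle that computes the CK_RV a conformance test would expect from C_SetAttributeValue under the two readings of the footnotes discussed above, and reports where they disagree. The function names, the `strict` flag and the assignment of note 11 versus note 12 to CKA_SENSITIVE and CKA_EXTRACTABLE are assumptions of this example.

```python
CKR_OK = 0x00000000
CKR_ATTRIBUTE_READ_ONLY = 0x00000010

# Footnote sets for the three attributes named in the thread. Which of notes
# 11/12 goes with CKA_SENSITIVE and CKA_EXTRACTABLE is this example's reading
# of the attribute tables, not something the thread states.
FOOTNOTES = {
    "CKA_SENSITIVE": {8, 11},
    "CKA_EXTRACTABLE": {8, 12},
    "CKA_WRAP_WITH_TRUSTED": {11},
}

def expected_rv(attr, current, new, strict=True):
    """Expected CK_RV when C_SetAttributeValue changes attr from current to new.

    strict=True : only note 8 makes an attribute modifiable.
    strict=False: note 11 or 12 alone is read as implying modifiability
                  until the attribute reaches its locking value.
    """
    notes = FOOTNOTES[attr]
    modifiable = 8 in notes or (not strict and bool(notes & {11, 12}))
    if not modifiable:
        return CKR_ATTRIBUTE_READ_ONLY
    # Note 11 locks the attribute once CK_TRUE, note 12 once CK_FALSE.
    locked = (11 in notes and current is True) or (12 in notes and current is False)
    if locked and new != current:
        return CKR_ATTRIBUTE_READ_ONLY
    return CKR_OK

def ambiguous_cases():
    """Value-changing transitions where the two readings expect different codes."""
    cases = []
    for attr in FOOTNOTES:
        for current, new in ((False, True), (True, False)):
            strict_rv = expected_rv(attr, current, new, strict=True)
            lenient_rv = expected_rv(attr, current, new, strict=False)
            if strict_rv != lenient_rv:
                cases.append((attr, current, new, strict_rv, lenient_rv))
    return cases

def classify(attr, current, new, observed_rv):
    """Label an observed CK_RV by the reading(s) of the tables it matches."""
    matches = [name for name, strict in (("strict", True), ("lenient", False))
               if expected_rv(attr, current, new, strict) == observed_rv]
    return "+".join(matches) or "neither"

if __name__ == "__main__":
    for case in ambiguous_cases():
        print(case)
```

The only transition on which the two readings differ is CKA_WRAP_WITH_TRUSTED going from CK_FALSE to CK_TRUE, so a token's return code for that one call shows which reading it implements.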

