OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [External] : [pkcs11] FIPS indicators

Why would we need a new function for an FIPS indicator ?

For a session could we use a flag that can be reported via the CK_SESSION_INFO ?

Similarly a flag for CK_MECHANISM_INFO to indicate if the slot/token combination allows it to provide services in a FIPS 140 compatible way.

Then for keys an attribute CKA_FIPS140_3 that takes an appropriate value, maybe similar to how CKA_ALWAYS_SENSITIVE works.

What am I missing with the above that a new C_GetFIPSStatus() provides that the above doesn't ?

Darren

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]