OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: FiPS Indicator proposal.

OK, I've finally got the FIPS indicator propsosal in a proposal form. A lot of the NSS design I realized was specific to how I wanted to implement it in NSS, but other tokens could impliment things differently.
The proposal adds CKF_FIPS_OK and CKF_FIPS_LAST_OK to session flags, CKA_FIPS_OK to the key object, and CKR_FIPS_INVALID to the errors.
I've added some prose about how they interact, but most of the interaction is really defined by the token's security policy.
It's too late to expect full discussions tomorrow, but I didn't want to arbitrarily post this after the meeting tomorrow. I'm open to feedback, a lot of the prose can be cleaned up. 

Bob


https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/68854/PKCS11_FIPS_Indicator_proposal.pdf

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]