Re: PKCS#11 URI slot attributes & last call

2014-12-22 10:01:39
On Thu, 18 Dec 2014, Nikos Mavrogiannopoulos wrote:

On Wed, 2014-12-17 at 22:54 -0800, Jan Pechanec wrote:

+   Slot ID is a Cryptoki-assigned number that is not guaranteed stable
+   across PKCS#11 module initializations.  However, slot description and
+   manufacturer ID may not be enough to uniquely identify a specific
+   reader.  In situations where slot information is necessary use of
+   "slot-id" attribute may be justified if sufficient slot ID stability
+   is provided in the PKCS#11 provider itself or externaly.
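
Review bot: "externaly" in the last added line is misspelled and should be "externally". The same sentence leaves "sufficient slot ID stability" undefined and does not say what providing it externally means, so an implementer cannot tell when using "slot-id" is acceptable; stating the condition (slot IDs that stay the same across module initializations) would fix that. "use of "slot-id" attribute" also needs an article: "use of the "slot-id" attribute".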

Hello Jan,
I'd like to propose the following text instead:
"Slot ID is a Cryptoki-assigned number that is not guaranteed stable
across PKCS#11 module initializations. However, there are certain
libraries and modules which provide stable slot numbers and
descriptions. For these cases, when the manufacturer ID is not
sufficient to uniquely identify a specific reader, the slot
information could be used to increase the precision of the token
identification. In other scenarios, using the slot identifiers is
likely to cause usability issues."

That text discusses both the benefits and the risks.

        hi Nikos, thank you, I like that it is more explicit.  I made 
a minor modification since it could be implied that a slot description 
might have a different stability level than a slot manufacturer ID.

-   Slot ID is Cryptoki-assigned number that is not guaranteed stable
-   across PKCS#11 module initializations.  However, slot description and
-   manufacturer ID may not be enough to uniquely identify a specific
-   reader.  In situations where slot information is necessary use of
-   "slot-id" attribute may be justified if sufficient slot ID stability
-   is provided in the PKCS#11 provider itself or externaly.
+   Slot ID is a Cryptoki-assigned number that is not guaranteed stable
+   across PKCS#11 module initializations.  However, there are certain
+   libraries and modules which provide stable slot identifiers.  For
+   these cases, when the slot description and manufacturer ID is not
+   sufficient to uniquely identify a specific reader, the slot ID could
+   be used to increase the precision of the token identification.  In
+   other scenarios, using slot IDs is likely to cause usability
+   issues.
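
Review bot: "when the slot description and manufacturer ID is not sufficient" in the added text has a compound subject, so the verb should be "are not sufficient". The closing sentence names only "usability issues"; since the first sentence says the slot ID is not guaranteed stable across module initializations, it would help to spell out the consequence, namely that a stored URI carrying "slot-id" may no longer match the intended reader after the module is initialized again.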

        attached is draft-pechanec-pkcs11uri-17-v2.txt

        there will be more versions as I'm gonna address more comments 
that came in during the last call.

        regards, Jan.

-- 
Jan Pechanec <jan(_dot_)pechanec(_at_)oracle(_dot_)com>

Attachment: draft-pechanec-pkcs11uri-17-v2.txt
Description: Text document
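
The slot ID guidance discussed in this thread can be applied as a check over stored PKCS#11 URIs. The following is an added example, not code from the thread or from the draft: it classifies a URI by how it depends on "slot-id". The attribute names "slot-description" and "slot-manufacturer" are taken from RFC 7512 rather than from this message, and the function names, result labels and sample URIs are constructed for illustration.

```python
# Slot path attributes. "slot-id" is named in the thread; the other two
# names come from RFC 7512 and are an assumption relative to this message.
SLOT_ID = "slot-id"
SLOT_DESCRIPTIVE = ("slot-description", "slot-manufacturer")


def parse_path_attributes(uri):
    """Split a pkcs11: URI into its path attributes (values stay pct-encoded)."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path = rest.split("?", 1)[0]  # query attributes are not needed here
    attrs = {}
    for part in filter(None, path.split(";")):
        name, eq, value = part.partition("=")
        if not eq or name in attrs:
            raise ValueError(f"malformed or repeated attribute: {part!r}")
        attrs[name] = value
    return attrs


def audit_slot_id(uri):
    """Classify how a stored URI depends on the slot ID (labels are hypothetical)."""
    attrs = parse_path_attributes(uri)
    if SLOT_ID not in attrs:
        return "no-slot-id"
    value = attrs[SLOT_ID]
    if not (value.isascii() and value.isdigit()):
        return "invalid-slot-id"
    if any(name in attrs for name in SLOT_DESCRIPTIVE):
        # The use the draft text allows: the slot ID narrows a match that the
        # slot description and manufacturer ID already constrain.
        return "slot-id-refines"
    # Nothing else describes the slot, so the URI follows whatever slot has
    # this number after the next module initialization.
    return "slot-id-only"


# Constructed sample URIs, not taken from the thread.
SAMPLES = [
    "pkcs11:token=Example%20Token;object=signing-key;type=private",
    "pkcs11:slot-id=2;object=signing-key;type=private",
    "pkcs11:slot-manufacturer=Example%20Corp;slot-description=Reader%20A;"
    "slot-id=2;object=signing-key?module-name=example",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{audit_slot_id(uri):16} {uri}")
```

Even a "slot-id-refines" result is only safe with a provider that keeps slot IDs stable, which the URI itself cannot show.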
