
PKCS#11 amendments for WTLS and TLS PRF


thetis

Presentation Transcript


  1. PKCS#11 amendments for WTLS and TLS PRF
     Changes since last version of draft:
     • New values for CKA_CERTIFICATE_CATEGORY: {token user, authority, other entity, unspecified}. May not be modified after the object is created.
     • The old attribute CKA_CertificateURL, which indicated whether CKA_VALUE was the actual certificate or a URL, is removed. CKA_VALUE will always contain the certificate if available. CKA_URL is added and is used to store the URL. As a result, CKA_SUBJECT and CKA_VALUE (which must be specified when the object is created) are allowed to be empty if the CKA_URL attribute is non-empty.

  2. PKCS#11 amendments cont'd
     • CKA_HASH_OF_ISSUER_PUBLIC_KEY attribute added and CKA_HASH_OF_PUBLIC_KEY attribute renamed to CKA_HASH_OF_SUBJECT_PUBLIC_KEY. They are used to correlate the certificate with private keys and issuer certificates when only the URL is available, and can only be empty if CKA_URL is empty.
     • CKA_CERTIFICATE_DOMAIN renamed to CKA_JAVA_MIDP_SECURITY_DOMAIN. May not be modified after the object is created.

  3. Remaining to be done (Slide written by Magnus)
     • Assignment of values
     • New object type (WTLS certificate)
     • New mechanisms
     • New attributes
     • Inclusion in v2.20
     • Suggest doing the assignment on the mailing list and then hand over to Simon for inclusion in v2.20
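The attribute rules on slides 1 and 2 can be read as a small consistency check that a token applies to a certificate object. The following is an added example, not code from the draft or from any PKCS#11 header: the enum names, `struct cert_obj`, `check_create` and `check_modify` are hypothetical stand-ins, and re-checking the rules on modification is an assumption.

```c
#include <stddef.h>

/* Local stand-ins for the attributes named on the slides; these are not the
   PKCS#11 header constants (the slides list value assignment as still open). */
enum attr { A_SUBJECT, A_VALUE, A_URL, A_HASH_SUBJECT_KEY, A_HASH_ISSUER_KEY,
            A_CERT_CATEGORY, A_MIDP_DOMAIN, A_COUNT };

/* Simplified certificate object: only each attribute's length (0 = empty). */
struct cert_obj { size_t len[A_COUNT]; };

enum verdict { V_OK, V_NEED_URL, V_NEED_HASHES, V_READ_ONLY };

/* Creation-time rules from the slides:
   - CKA_SUBJECT and CKA_VALUE may be empty only if CKA_URL is non-empty;
   - the two public-key hashes may be empty only if CKA_URL is empty. */
enum verdict check_create(const struct cert_obj *o)
{
    int has_url = o->len[A_URL] != 0;
    if (!has_url && (o->len[A_SUBJECT] == 0 || o->len[A_VALUE] == 0))
        return V_NEED_URL;
    if (has_url && (o->len[A_HASH_SUBJECT_KEY] == 0 ||
                    o->len[A_HASH_ISSUER_KEY] == 0))
        return V_NEED_HASHES;
    return V_OK;
}

/* Modification: category and MIDP security domain are fixed at creation.
   Assumption (not on the slides): other changes are re-checked against the
   creation-time rules, so clearing CKA_URL cannot orphan an empty CKA_VALUE. */
enum verdict check_modify(const struct cert_obj *o, enum attr a, size_t new_len)
{
    struct cert_obj after = *o;
    if (a == A_CERT_CATEGORY || a == A_MIDP_DOMAIN)
        return V_READ_ONLY;
    after.len[a] = new_len;
    return check_create(&after);
}

/* Constructed sample objects (lengths are arbitrary). */
const struct cert_obj full_cert = { .len = { [A_SUBJECT] = 64, [A_VALUE] = 900, [A_CERT_CATEGORY] = 8 } };
const struct cert_obj url_only = { .len = { [A_URL] = 40, [A_HASH_SUBJECT_KEY] = 20, [A_HASH_ISSUER_KEY] = 20 } };
const struct cert_obj url_no_hash = { .len = { [A_URL] = 40 } };
const struct cert_obj nothing = { .len = { 0 } };
```
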
