RFC7512: The PKCS #11 URI Scheme


RFC7512: The PKCS #11 URI Scheme

Ludovic Rousseau
Hello,

I just discovered the RFC7512 [2] by reading [1].

Internet Engineering Task Force (IETF)                       J. Pechanec
Request for Comments: 7512                                     D. Moffat
Category: Standards Track                             Oracle Corporation
ISSN: 2070-1721                                               April 2015


                        The PKCS #11 URI Scheme

Abstract

   This memo specifies a PKCS #11 Uniform Resource Identifier (URI)
   Scheme for identifying PKCS #11 objects stored in PKCS #11 tokens and
   also for identifying PKCS #11 tokens, slots, or libraries.  The URI
   scheme is based on how PKCS #11 objects, tokens, slots, and libraries
   are identified in "PKCS #11 v2.20: Cryptographic Token Interface
   Standard".

Regards,

[1] http://www.bortzmeyer.org/7512.html (in French)
[2] https://www.rfc-editor.org/rfc/rfc7512.txt

--
 Dr. Ludovic Rousseau

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Re: RFC7512: The PKCS #11 URI Scheme

David Woodhouse
On Fri, 2015-04-24 at 12:56 +0200, Ludovic Rousseau wrote:
> Hello,
>
> I just discovered the RFC7512 [2] by reading [1].

It's been around for a while in draft form. Last year, I posted pull
requests for engine_pkcs11 and pkcs11-helper to make them support it
appropriately.

https://github.com/OpenSC/engine_pkcs11/pull/9
https://github.com/OpenSC/pkcs11-helper/pull/4

--
David Woodhouse                            Open Source Technology Centre
[hidden email]                              Intel Corporation


Re: RFC7512: The PKCS #11 URI Scheme

David Woodhouse
In reply to this post by Ludovic Rousseau
On Fri, 2015-04-24 at 12:56 +0200, Ludovic Rousseau wrote:
> [1] http://www.bortzmeyer.org/7512.html (in French)

Note that the Fedora packaging guidelines mentioned there are purely a
*proposal*, put forth by myself. It's not part of the official Fedora
packaging guidelines yet.

Although it was generally well-received by the Fedora Packaging Committee
as a desirable thing to do, I have a little more work to do to finish
it off before it can be approved:
 https://fedorahosted.org/fpc/ticket/480#comment:6

--
dwmw2


Re: RFC7512: The PKCS #11 URI Scheme

David Woodhouse
On Fri, 2015-04-24 at 14:25 +0100, David Woodhouse wrote:
> On Fri, 2015-04-24 at 12:56 +0200, Ludovic Rousseau wrote:
> > [1] http://www.bortzmeyer.org/7512.html (in French)
>
> Note that the Fedora packaging guidelines mentioned there are purely a
> *proposal*, put forth by myself. It's not part of the official Fedora
> packaging guidelines yet.

Update: it is now, or will be once the Fedora Packaging Committee gets
round to writing up the decision they just made in today's meeting.

If there is any software in Fedora which uses X.509 certificates but
which *doesn't* automatically use the PKCS#11 providers from the
system's p11-kit configuration, and/or which doesn't accept
certificates specified in the form of an RFC7512 PKCS#11 URI, please
file a bug and mark it as blocking the 'PKCS#11 sanity tracker':

https://bugzilla.redhat.com/showdependencytree.cgi?id=PKCS11

--
David Woodhouse                            Open Source Technology Centre
[hidden email]                              Intel Corporation
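
For readers checking whether a tool handles the URI form discussed in this thread, here is an added example (not code from the thread, engine_pkcs11, pkcs11-helper or p11-kit) that parses a PKCS #11 URI into its path and query attributes and flags a PIN embedded in the URI. The attribute names are those defined by RFC 7512; the function names and the sample URI are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

# Attribute names defined by RFC 7512; vendor attributes start with "x-".
PATH_ATTRS = {"token", "manufacturer", "serial", "model", "object", "type", "id",
              "library-manufacturer", "library-version", "library-description",
              "slot-description", "slot-manufacturer", "slot-id"}
QUERY_ATTRS = {"pin-source", "pin-value", "module-name", "module-path"}
OBJECT_TYPES = {"public", "private", "cert", "secret-key", "data"}

# Constructed sample, not taken from any real token.
SAMPLE_URI = ("pkcs11:token=My%20Token;object=tls-cert;type=cert;id=%01%AB"
              "?module-name=opensc&pin-value=1234")


def _split(component, sep, known, unique):
    """Split 'name=value' pairs and percent-decode the values."""
    out = {}
    for part in filter(None, component.split(sep)):  # lenient on empty parts
        name, eq, value = part.partition("=")
        if not eq:
            raise ValueError(f"attribute without '=': {part!r}")
        if name not in known and not name.startswith("x-"):
            raise ValueError(f"unknown attribute: {name!r}")
        if unique and name in out:
            raise ValueError(f"duplicate path attribute: {name!r}")
        raw = unquote_to_bytes(value)
        # 'id' is an arbitrary byte string; everything else is UTF-8 text.
        out[name] = raw if name == "id" else raw.decode("utf-8")
    return out


def parse_pkcs11_uri(uri):
    """Return (path_attrs, query_attrs) or raise ValueError."""
    scheme, colon, rest = uri.partition(":")
    if not colon or scheme.lower() != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path, _, query = rest.partition("?")
    path_attrs = _split(path, ";", PATH_ATTRS, unique=True)
    # Example policy for repeated query attributes: the last one wins.
    query_attrs = _split(query, "&", QUERY_ATTRS, unique=False)
    if "type" in path_attrs and path_attrs["type"] not in OBJECT_TYPES:
        raise ValueError(f"invalid object type: {path_attrs['type']!r}")
    return path_attrs, query_attrs


def has_inline_pin(uri):
    """True if the PIN travels in the URI itself (config files, logs, argv)."""
    return "pin-value" in parse_pkcs11_uri(uri)[1]
```

A URI that uses `pin-source` instead of `pin-value` keeps the PIN out of whatever file or log the URI ends up in.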
