[Cryptech Tech] token api

Randy Bush randy at psg.com
Tue Mar 11 20:43:50 UTC 2014


[ my warped understanding, likely incorrect ]

in yesterday's and today's discussion

  o it was expressed that pkcs#11 was needed in the mid term (end of
    year prototypes) for applications such as dnssec and rpki.

  o it was also expressed that pkcs#11 is not pretty and should not be
    the sole or even principal driver of the token api design, as it
    would bias the design in undesirable ways.

these are not as diametrically opposed as one might think from being
overly-assertively miscommunicated in overly long discussion :)

it was suggested that there should be an underlying api which pkcs#11
could use as could other apis such as gpg's.  it would be more elegant
and 'correct' than straight pkcs#11.  but as near as we got to
articulating this underlying api was to agree to try to abstract
pkcs#11, gpg, and any other key examples we can find.  as this had not
been discussed before, things got pretty squishy quickly.

we need to resolve this in the next couple of months.  bright ideas and
constructive suggestions solicited.

randy


