On Mon, 2014-12-15 at 15:30 +0100, Jaroslav Imrich wrote: > I support the idea of updating packaging guidelines but I am not quite > sure about the second bullet: > "PKCS#11 modules SHOULD silently fail to load if their corresponding > hardware is not present, or in the case of pure software tokens such > as SoftHSM if there is no storage configured for the user in > question."
I'm actually really tempted just to drop the guidelines for *providers* entirely for now. Although it would be nice to use them to chase up https://bugzilla.redhat.com/show_bug.cgi?id=1085327 and https://bugzilla.redhat.com/show_bug.cgi?id=1073320 I suppose. > Most PKCS#11 modules I have seen would load in such case and would > return CKR_TOKEN_NOT_RECOGNIZED for any unknown accessible device. > None of them was open source but I believe system wide solution should > take also commercial closed source solutions into account. Yeah, that's reasonable behaviour I suppose. I'll remove that requirement. Is there anything we want to put in its place to make it clear that tokens shouldn't misbehave if their hardware or configuration (in the case of SoftHSM) is absent? -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ p11-glue mailing list p11-glue@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/p11-glue
