[crypto-discuss] URI Scheme for naming objects
Jan Pechanec
Jan.Pechanec at Sun.COM
Thu Dec 6 04:15:15 PST 2007
>Proposal 2: Named valued
>------------------------
>
>pkcs11:[;token=<label>][;manuf=<label>][;serial=<label>][;model=<label>][;object=<label>]
>
>eg:
>
>pkcs11:object=MyFooKey
>pkcs11:token=Sun Softtoken;object=SignKey
>pkcs11:token=Exam 456;manuf=Example Co Inc;model=Super2000;serial=A435F32;object=HostFooSSLKey
>
>
>I'd like some discussion on this. I don't personally see a need for the
>slot name to be specified here but I wouldn't object to it being added
>in. I also haven't purposely added any ability to specify the PIN,
>however specifying whether a login is expected or not might be useful.

We already talked about that - what about a special attribute
similar to SSLPassPhraseDialog, say:

passphrasedialog=(builtin|exec:<file>)

where builtin would read a passphrase from the terminal, exec:...
would read an output of a specified program. If passphrasedialog is not
present then "builtin" should be the default if there is a need to login.
http://www.modssl.org/docs/2.8/ssl_reference.html
--
Jan Pechanec
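
Added example, not part of the original thread and not code from any project: a strict parser for the draft "Proposal 2" syntax quoted above, together with the passphrasedialog attribute suggested in the reply. Rejecting unknown or duplicate attributes and requiring an absolute path after exec: are assumptions of this example, as is the sample path /usr/local/libexec/get-pin.

```python
# Parser for the draft "pkcs11:" name=value syntax discussed in this thread.
# This is the 2007 proposal as quoted, not a later standardized scheme.
ALLOWED = {"token", "manuf", "serial", "model", "object", "passphrasedialog"}


def parse_pkcs11_uri(uri):
    """Return a dict of attributes; raise ValueError on anything malformed."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    attrs = {}
    for part in rest.split(";"):
        if not part:  # skip empty segments, e.g. the optional leading ';'
            continue
        name, eq, value = part.partition("=")
        if not eq or not value:
            raise ValueError("attribute without a value: %r" % part)
        if name not in ALLOWED:  # e.g. an attempt to embed a PIN in the URI
            raise ValueError("unknown attribute: %r" % name)
        if name in attrs:
            raise ValueError("duplicate attribute: %r" % name)
        attrs[name] = value  # labels may contain spaces, but never ';'
    return attrs


def passphrase_source(attrs):
    """Map passphrasedialog to ("builtin", None) or ("exec", path)."""
    value = attrs.get("passphrasedialog", "builtin")  # absent means builtin
    if value == "builtin":
        return ("builtin", None)
    kind, sep, path = value.partition(":")
    # Assumption of this example: the helper must be an absolute path so it
    # is never resolved through PATH or the current working directory.
    if kind == "exec" and sep and path.startswith("/"):
        return ("exec", path)
    raise ValueError("bad passphrasedialog: %r" % value)


if __name__ == "__main__":
    # The first two URIs come from the proposal; the third is constructed.
    for uri in (
        "pkcs11:object=MyFooKey",
        "pkcs11:token=Sun Softtoken;object=SignKey",
        "pkcs11:object=SignKey;passphrasedialog=exec:/usr/local/libexec/get-pin",
    ):
        attrs = parse_pkcs11_uri(uri)
        print(uri, "->", attrs, passphrase_source(attrs))
```

The parser only decides where the passphrase should come from; it never runs the exec: program itself.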