[kmf-discuss] proposal - new kmf_policy attribute

Wyllys Ingersoll wyllys.ingersoll at sun.com
Thu Feb 21 08:36:40 PST 2008


Jan Pechanec wrote:
> On Thu, 31 Jan 2008, Wyllys Ingersoll wrote:
>
> 	hi Wyllys, what is the status of this please? There was some 
> discussion on this 3 weeks ago which I'm not sure that converged.
>
> 	thanks, Jan.
>
>   

I think the last issue was whether or not to include a separate parameter for the
directory as part of the ta-location or just assume that the filename was a full pathname.
I prefer to keep it simple and just use a single filename, but it would be inconsistent with
some of the other policy parameters such as crl-directory and crl-filename.

-Wyllys

>> The SSH/X.509 project developer has asked us if we can add a new optional
>> parameter to the KMF Policy to indicate the keystore location of the TA certificate.
>>
>> I think it is a reasonable request, though we will have to file an arc case to
>> modify the kmfcfg interface and kmfpolicy.dtd.
>>
>> My proposal would add something like this to the .xml/.dtd files:
>>
>> <ta-location keystore=[file | pkcs11 | nss] name=[filename | token_label | nss_db_dir]>
>>
>> The kmfcfg would be modified as follows (for the 'create' and 'modify' options only):
>>
>> [ta-location=[file|pkcs11|nss:][filename|token_name|nss_db_directory]]
>>
>>
>> If no one objects, I will file a fast-track case for this.
>>
>> -Wyllys


