[kmf-discuss] proposal - new kmf_policy attribute
Jan Pechanec
Jan.Pechanec at Sun.COM
Fri Feb 22 03:05:47 PST 2008
On Thu, 21 Feb 2008, Wyllys Ingersoll wrote:
I support this proposal. J.
>I'm trying to pick up where we left off before...
>
>The discussion was about how to best add new (optional) "ta-location"
>parameter to the policy database and support it in kmfcfg.
>
>The issue raised was whether or not we should have separate
>options for the directory and pathname like we do for crls
>(crl-basefilename, crl-directory).
>
>My opinion is that we should allow ta-location to be specified as a full
>pathname and also to deprecate the use of the "crl-basefilename" and
>"crl-directory" options in favor of "crl-pathname". We can programmatically
>derive the basename and directory name from the crl-pathname (assuming it is
>properly formed in the first place).
>
>So, the new proposal looks something like this:
>
>
>kmfcfg(1) will be modified for the "create" and "modify" options to support
>a new "ta-location" option:
>
>[ta-location=[file|pkcs11|nss:][filename|token_name|nss_db_directory]]
>
>crl-basefilename and crl-directory will no longer appear in the "help"
>text but will remain supported for backwards compat. The "new" crl will
>be specified as
>
>[crl-filename=path_to_crl_file]
>
>If crl-filename is present, crl-directory and/or crl-basefilename will
>be ignored.
>
>The default kmfpolicy.xml will not need to change since it does not
>include any of those options now. The kmfpolicy.dtd will have to be
>modified to allow for the new options.
>
>Once we are in agreement, I will file a PSARC fast-track.
>
>-Wyllys
--
Jan Pechanec
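
An added sketch, not part of the thread and not KMF or kmfcfg code, of the two rules in the quoted proposal: splitting a ta-location value into keystore type and value, and letting crl-filename override crl-directory/crl-basefilename while rejecting a path that is not properly formed. The type and function names are hypothetical, and treating a value with no prefix as "file" and a missing crl-directory as "." are assumptions.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical types for this sketch; not KMF's own definitions. */
typedef enum { TA_INVALID, TA_FILE, TA_PKCS11, TA_NSS } ta_kind_t;
typedef struct { char dir[256]; char base[256]; } crl_loc_t;

/* Parse "[file|pkcs11|nss:]value". Assumption: no prefix means "file". */
ta_kind_t parse_ta_location(const char *s, const char **value)
{
    static const struct { const char *pfx; ta_kind_t kind; } tbl[] = {
        { "file:", TA_FILE }, { "pkcs11:", TA_PKCS11 }, { "nss:", TA_NSS }
    };
    *value = NULL;
    if (s == NULL || *s == '\0')
        return TA_INVALID;
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++) {
        size_t n = strlen(tbl[i].pfx);
        if (strncmp(s, tbl[i].pfx, n) != 0)
            continue;
        if (s[n] == '\0')
            return TA_INVALID;      /* keystore named, value missing */
        *value = s + n;
        return tbl[i].kind;
    }
    *value = s;
    return TA_FILE;
}

/* crl-filename overrides the legacy pair; returns 0, or -1 if malformed. */
int resolve_crl(const char *filename, const char *dir, const char *base, crl_loc_t *out)
{
    size_t dlen;
    if (filename != NULL) {         /* legacy options are ignored */
        const char *slash = strrchr(filename, '/');
        base = slash ? slash + 1 : filename;
        dir = slash ? filename : ".";
        dlen = (slash && slash != filename) ? (size_t)(slash - filename) : 1;
    } else {
        if (dir == NULL) dir = "."; /* assumption: default to cwd */
        dlen = strlen(dir);
    }
    if (base == NULL || *base == '\0' || strchr(base, '/') != NULL)
        return -1;                  /* no plain file name component */
    if (dlen == 0 || dlen >= sizeof out->dir || strlen(base) >= sizeof out->base)
        return -1;
    memcpy(out->dir, dir, dlen);
    out->dir[dlen] = '\0';
    strcpy(out->base, base);
    return 0;
}
```

A crl-filename that ends in "/" fails here instead of falling back to the legacy options, so a malformed new-style entry cannot silently select a different CRL file.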