[kmf-discuss] proposal - new kmf_policy attribute
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Thu Jan 31 11:56:31 PST 2008
The SSH/X.509 project developer has asked us if we can add a new optional
parameter to the KMF Policy to indicate the keystore location of the TA
certificate.
I think it is a reasonable request, though we will have to file an arc
case to
modify the kmfcfg interface and kmfpolicy.dtd.
My proposal would add something like this to the .xml/.dtd files:
<ta-location keystore=[file | pkcs11 | nss] name=[filename | token_label
| nss_db_dir]>
The kmfcfg would be modified as follows (for the 'create' and 'modify'
options only):
[ta-location=[file|pkcs11|nss:][filename|token_name|nss_db_directory]]
If no one objects, I will file a fast-track case for this.
-Wyllys
More information about the kmf-discuss
mailing list