< Return to Ballot details
Vote Details
Ballot: CKA_PUBLIC_KEY_INFO proposal |
Company:Symantec Corp. |
Vote:No |
Comment:CKA_PUBLIC_KEY_INFO adds an alternative packaging for a subset of CKO_PUBLIC_KEY fields. This brings substantial complexity that may not be obvious. There are many ways to create and validate CKA_PUBLIC_KEY_INFO, especially for more complex keys such as ECC. PKCS#11-defined attributes are well-understood, e.g. { CKA_MODULUS, CKA_PUBLIC_EXPONENT} for RSA, and now modules and application will need to package them in a new way, which is undefined in this proposal. The introduction of this parallel encoding is effectively the standardisation of DER encoding as a requirement for clients, which will harm applications with very limited X.509/DER parsing capability. |
|