Ballot: CKA_PUBLIC_KEY_INFO proposal
Symantec Corp.
CKA_PUBLIC_KEY_INFO adds an alternative packaging for a subset of CKO_PUBLIC_KEY fields. This brings substantial complexity that may not be obvious. There are many ways to create and validate CKA_PUBLIC_KEY_INFO, especially for more complex keys such as ECC. PKCS#11-defined attributes are well-understood, e.g. { CKA_MODULUS, CKA_PUBLIC_EXPONENT } for RSA, and now modules and applications will need to package them in a new way, which is undefined in this proposal. The introduction of this parallel encoding is effectively the standardisation of DER encoding as a requirement for clients, which will harm applications with very limited X.509/DER parsing capability.
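
What packaging the RSA attributes involves for a module or application, as an added example that is not part of the ballot comment. It assumes the attribute carries an RFC 5280 SubjectPublicKeyInfo with the rsaEncryption algorithm identifier; the helper names and sample values are constructed for illustration.

```python
# Added illustration: package PKCS#11 RSA attributes as a DER SubjectPublicKeyInfo.
# Assumption: RFC 5280 / RFC 3279 rsaEncryption layout; helper names are hypothetical.

RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1
DER_NULL = b"\x05\x00"  # parameters field required for rsaEncryption


def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    """One tag-length-value element."""
    return bytes([tag]) + der_len(len(value)) + value


def der_uint(big_endian):
    """INTEGER from an unsigned big-endian PKCS#11 'Big integer' value."""
    v = big_endian.lstrip(b"\x00") or b"\x00"  # DER requires the minimal form
    if v[0] & 0x80:                            # pad so the value stays positive
        v = b"\x00" + v
    return tlv(0x02, v)


def rsa_spki(modulus, public_exponent):
    """Build SubjectPublicKeyInfo from CKA_MODULUS and CKA_PUBLIC_EXPONENT bytes."""
    rsa_public_key = tlv(0x30, der_uint(modulus) + der_uint(public_exponent))
    algorithm = tlv(0x30, RSA_ENCRYPTION_OID + DER_NULL)
    bit_string = tlv(0x03, b"\x00" + rsa_public_key)  # leading 0 = no unused bits
    return tlv(0x30, algorithm + bit_string)


# Constructed sample values (a toy 64-bit modulus, not a real key).
SAMPLE_MODULUS = bytes.fromhex("c34f1a2b3c4d5e6f")
SAMPLE_EXPONENT = bytes.fromhex("010001")

if __name__ == "__main__":
    print(rsa_spki(SAMPLE_MODULUS, SAMPLE_EXPONENT).hex())
```

The sign-padding and minimal-length rules in `der_uint` are the kind of detail a token or client has to get byte-exact for two encodings of the same key to compare equal.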