Title

PKCS #11 Version 2.11, Proposed Draft 1

Classification

Proposed Specification

Contributor

Matthew Wood
matthew.d.wood@intel.com
Intel Internet Authentication Services
20325 N.W. Von Neumann Drive
Beaverton, OR 97006 USA

Date/Version

November 19, 2000
Version 2.11, Draft 1

Abstract

This draft represents the next revision of the PKCS #11 standard. It includes the following enhancements over version 2.10:

- deprecation of secondary authentication
- PIN expiration and reset behavior
- trusted objects
- AES mechanisms
- X9.31 RSA mechanisms
- misc. typo fixes

Description

The following is a detailed list of each set of edits to the version 2.10 document included in the proposed draft.

- Deprecated secondary authentication
    o Added an appendix presenting the iD2 multiple-slot method as informative
- Added a note about the write-protect flag changing with login, to allow public objects to be read-only without login
- PIN expiration
    o If the PIN expires, CKF_USER_PIN_TO_BE_CHANGED is set. Login is still allowed, and all functions that require login return CKR_PIN_EXPIRED until C_SetPIN is called. C_Login will never return CKR_PIN_EXPIRED.
    o Allow C_SetPIN to work without login (always changes the user PIN)
- Trusted objects (keys, certs): CKA_TRUSTED
- AES mechanisms: CKM_AES with ECB/CBC/CBC-PAD modes
- X9.31 RSA with related combos
- Misc. typo fixes
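
The PIN expiration behavior listed above, modelled as a small state machine. This is an added example, not code from the draft or from any PKCS #11 implementation: the model_* functions and the model_token structure are hypothetical, while the CKR_/CKF_ constants carry the values PKCS #11 assigns them.

```c
#include <string.h>

/* Return codes and token flag, with the values PKCS #11 assigns them. */
#define CKR_OK                      0x00000000UL
#define CKR_PIN_INCORRECT           0x000000A0UL
#define CKR_PIN_EXPIRED             0x000000A3UL
#define CKR_USER_NOT_LOGGED_IN      0x00000101UL
#define CKF_USER_PIN_TO_BE_CHANGED  0x00080000UL

/* Hypothetical in-memory token (assumption); not a real PKCS #11 structure.
 * A real token verifies the PIN inside the device, not with strcmp(). */
typedef struct {
    char pin[16];
    unsigned long flags;   /* models CK_TOKEN_INFO.flags */
    int logged_in;
} model_token;

void model_init(model_token *t, const char *pin) {
    memset(t, 0, sizeof *t);
    strncpy(t->pin, pin, sizeof t->pin - 1);
}

/* Token policy decides the PIN has expired: only the flag changes. */
void model_expire_pin(model_token *t) { t->flags |= CKF_USER_PIN_TO_BE_CHANGED; }

/* Models C_Login: an expired PIN still logs in, never CKR_PIN_EXPIRED. */
unsigned long model_login(model_token *t, const char *pin) {
    if (strcmp(pin, t->pin) != 0) return CKR_PIN_INCORRECT;
    t->logged_in = 1;
    return CKR_OK;
}

/* Models any function that requires login (signing, decryption, ...). */
unsigned long model_private_op(const model_token *t) {
    if (!t->logged_in) return CKR_USER_NOT_LOGGED_IN;
    if (t->flags & CKF_USER_PIN_TO_BE_CHANGED) return CKR_PIN_EXPIRED;
    return CKR_OK;
}

/* Models C_SetPIN: works with or without login, always on the user PIN. */
unsigned long model_set_pin(model_token *t, const char *old_pin, const char *new_pin) {
    if (strcmp(old_pin, t->pin) != 0) return CKR_PIN_INCORRECT;
    memset(t->pin, 0, sizeof t->pin);
    strncpy(t->pin, new_pin, sizeof t->pin - 1);
    t->flags &= ~CKF_USER_PIN_TO_BE_CHANGED;
    return CKR_OK;
}
```

A caller that sees CKR_PIN_EXPIRED from a login-gated function should prompt for a new PIN and call C_SetPIN rather than retry the login.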

Intellectual Property Issues

Contributor hereby submits this Contribution to RSA Laboratories for possible consideration in RSA Laboratories' Public-Key Cryptography Standards (PKCS) and agrees to the guidelines for PKCS contributions in effect at the time this Contribution is submitted.

Contributor also hereby grants RSA Laboratories license to make derivative works of this Contribution and to include all or portions of this Contribution or of such derivative works in PKCS documents and drafts. Contributor represents that it has authority to grant such license.

Intel Corporation makes no representations regarding intellectual property claims by other parties. Such determination is the responsibility of the user.

References

All references are included in the proposed draft document itself.