Contribution Agreements: Draft 1
PKCS #11 Contribution Letter
PKCS #11 Version 2.1, Proposed Draft 1
Intel Security Technology Lab
2111 NE 25th Ave.
Hillsboro, OR 97124-5961 USA
July 20, 1999
Version 2.1, Draft 1
This draft represents the next revision of PKCS #11 standard. It includes the following enhancements over version 2.01:
- formatting changes to match latest revisions of other PKCS documents
- behavioral clarifications
- new mechanism types
- object enhancements
- new objects types to support hardware feature expansion
- method for applying a secondary authentication PIN to private key objects
The following is a detailed list of each set of edits to the version 2.01 document included in the proposed draft.
- X.509 Attribute certificates
- Data object attribute addition (add OID attribute)
- Addition of RIPE-MD mechanisms
- RFC2279 (UTF8) strings for internationalization
- Clarification of multi-application access behavior (taken from mailing list discussion)
- Clarification of mapping between PKCS #11 and X.509 key usage (adapted from PKCS #15)
- Clarification of whether or not C_Encrypt can be used to terminate a multi-part operation to make sure the intended behavior is acurately reflected.
- Addition of error codes to function descriptions
- Clarification of C_InitToken behavior with respect to the SO PIN (taken from the percieved majority preference on the mailing list)
- Multiple PIN handling.
- Clarification of required lifetime of the CK_C_INITIALIZE_ARGS structure and C_FindObjectsInit templates in applications
- Hardware feature objects to represent items such as real-time clocks, monotonic counters, etc.
Intellectual Property Issues
Contributor hereby submits this Contribution to RSA Laboratories for possible consideration in RSA Laboratories' Public-Key Cryptography Standards (PKCS) and agrees to the guidelines for PKCS contributions in effect at the time this Contribution is submitted.
Contributor also hereby grants RSA Laboratories license to make derivative works of this Contribution and to include all or portions of this Contribution or of such derivative works in PKCS documents and drafts. Contributor represents that it has authority to grant such license.
Intel Corporation makes no representations regarding intellectual property claims by other parties. Such determination is the reponsibility of the user.
All references are included in the proposed draft document itself.
- 7.1 What is probabilistic encryption?
- Contribution Agreements: Draft 1
- Contribution Agreements: Draft 2
- 7.2 What are special signature schemes?
- 7.3 What is a blind signature scheme?
- Contribution Agreements: Draft 3
- Contribution Agreements: Final
- 7.4 What is a designated confirmer signature?
- 7.5 What is a fail-stop signature scheme?
- 7.6 What is a group signature?
- 7.7 What is a one-time signature scheme?
- 7.8 What is an undeniable signature scheme?
- 7.9 What are on-line/off-line signatures?
- 7.10 What is OAEP?
- 7.11 What is digital timestamping?
- 7.12 What is key recovery?
- 7.13 What are LEAFs?
- 7.14 What is PSS/PSS-R?
- 7.15 What are covert channels?
- 7.16 What are proactive security techniques?
- 7.17 What is quantum computing?
- 7.18 What is quantum cryptography?
- 7.19 What is DNA computing?
- 7.20 What are biometric techniques?
- 7.21 What is tamper-resistant hardware?
- 7.22 How are hardware devices made tamper-resistant?