Meetingminutes Minutes21082019

August 21, 2019 Meeting Minutes

Meeting commenced 1:00 PM PST

Roll call (Tony) - quorum achieved.
Tony C taking minutes.

Attendance

Attendance noted in KAVI

Proposed agenda

Agenda
Roll call
Review / approval of the agenda
Approve Minutes (07 August 2019)
V3.0 Items
- PR comments review
V3.1
- Status
Comment: C_SetPIN with multiple PINs; authenticated CKO_DATA handling
Comment: Suggestion of two new functions in pkcs11-Version 3
Comment: Behavior of C_Decrypt in pkcs#11
New business
Next meeting
Call for late arrivals
Adjourn

Motion to approve Agenda

Daniel M moved, Bruce R seconded. No objections, comments or abstentions. Agenda approved.

Motion to approve meeting minutes

August 7, 2019
Dieter B moved, Bruce R seconded. No objections, additional comments or abstentions. Minutes approved.

v3.0 Items

Tony C still working through the 4 PR comments.
Action Items - Draft responses for TC review on next call:
- Item 1 - Tony C
- Item 2 - Tony C
- Item 3 - Tony C
- Item 4 - Tony C
Draft content will be placed into the PR responses file (.xls) in the repository.
Tony will endeavour to publish this with enough time for folks to review prior to our next call.

v3.1

Status

Tony C
Bob R suggested inclusion of IKE_KDF include a set of mechanisms needed IPSec
Tim H additional XML testing items
Daniel M suggested we clarify the use of error messages around user login - this will need to be added to the v3.1 wiki.

Comment: C_SetPIN with multiple PINs; authenticated CKO_DATA handling

Tony still working on this one

Comment: Suggestion of two new functions in pkcs11-Version 3

Daniel M - My rough assessment would be that “wully” is mixing communication with a token and PKCS #11 interface functionality in an invalid way. Encrypting the communication between the host and the token is certainly best practice, but it’s outside of the standard. Actually, it’s also required, for example, to secure data provided to C_Encrypt and returned from C_Decrypt. If there is an encrypted channel a CKA_OBJECT can be transmitted in plain text from an application point of view and there is no need for these two functions. So, IMO they don’t make sense.

Comment: Behavior of C_Decrypt in pkcs#11

Seems to revolve around obtaining an adequate buffer size for a C_Decrypt operation and/or stacking multiple C_Decrypt for larger blocks. List consensus is that we need mor prescriptive content on the usage of C_Decrypt.

New business

None

Next meeting

Next meeting will be 4 September August 2019.

Call for late arrivals

2 noted

Motion to Adjourn

Bruce R moved. Daniel M seconded. No objections, comments or abstentions.

Meetingminutes Minutes21082019

August 21, 2019 Meeting Minutes

Meeting commenced 1:00 PM PST

Attendance

Proposed agenda

Motion to approve Agenda

Motion to approve meeting minutes

v3.0 Items

v3.1

Status

Comment: C_SetPIN with multiple PINs; authenticated CKO_DATA handling

Comment: Suggestion of two new functions in pkcs11-Version 3

Comment: Behavior of C_Decrypt in pkcs#11

New business

Next meeting

Call for late arrivals

Motion to Adjourn

Meeting Adjourned at 1:17 PM PST

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!