Hi,

Since the PKCS#11 standard is missing a driver registry guideline, I would like to propose the following guideline:

-------------------
The biggest missing point in the PKCS#11 standard is the registration of PKCS#11 drivers in the system, so that applications (or even users) can automatically find all available PKCS#11 drivers on a system.

Our proposal is to use directories as a registry for PKCS#11 drivers. Those directories only contain the drivers that adhere to the PKCS#11 specification (lib*.so, *.DLL). Please put all other additional material (plugins, data, ...) somewhere else.

Current directories:

Unix: /usr/lib/pkcs11/
Unix: /usr/lib64/pkcs11/
Solaris: /usr/lib/pkcs11/$ISA/ ($ISA is the architecture: /usr/lib/pkcs11/64/ , ... )
Windows: WINDOWS\SYSTEM32\pkcs11\*.dll

Applications like web browsers, email clients, or crypto frameworks should be able to automatically load all the drivers in those directories, and be able to use them, without the user having to specify any driver path anymore.

It is not required for an application to automatically use all the available drivers. Depending on the use case, a specific configuration for only one PKCS#11 driver, done by an administrator in the configuration of the application, is also OK. This guideline just makes sure that it is possible for applications (and users) to automatically find, list and possibly use all available drivers.
-----------------

This is the current draft of the registry specification. You can always get the latest version here: http://wiki.cacert.org/wiki/Pkcs11TaskForce

If you have any comments, suggestions, ideas, or a commitment, feel free to contact me, or add them to the Wiki.

Best Regards,
Philipp Gühring

_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
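One way an application could enumerate the proposed registry directories while refusing drivers that an unprivileged user could have planted or modified, since every file found there ends up loaded into the application's process. This is an added example, not part of the original message or the draft; the function names and the ownership and permission policy (owner must be a trusted UID, no group or world write bit) are assumptions.

```python
import fnmatch
import os
import stat

# Unix registry directories from the proposal (Solaris $ISA and Windows paths omitted).
REGISTRY_DIRS = ["/usr/lib/pkcs11", "/usr/lib64/pkcs11"]
DRIVER_PATTERNS = ["lib*.so", "*.dll", "*.DLL"]  # driver name patterns from the proposal


def _unsafe(st, trusted_uids):
    """Assumed policy: owner must be trusted, no group/world write bit."""
    if st.st_uid not in trusted_uids:
        return "not owned by a trusted user"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "group- or world-writable"
    return None


def find_drivers(dirs=REGISTRY_DIRS, trusted_uids=(0,)):
    """Return (accepted_paths, [(path, reason), ...]) without loading any library."""
    accepted, rejected = [], []
    for d in dirs:
        try:
            dst = os.lstat(d)  # lstat: a symlinked registry directory is refused
        except OSError:
            continue  # this registry directory does not exist on the system
        if not stat.S_ISDIR(dst.st_mode):
            rejected.append((d, "not a real directory"))
            continue
        reason = _unsafe(dst, trusted_uids)
        if reason:
            rejected.append((d, reason))
            continue
        for name in sorted(os.listdir(d)):
            if not any(fnmatch.fnmatchcase(name, p) for p in DRIVER_PATTERNS):
                continue  # non-driver material does not belong here; ignore it
            path = os.path.join(d, name)
            try:
                st = os.stat(path)  # follow symlinks: judge the file that would load
            except OSError:
                rejected.append((path, "unreadable or dangling link"))
                continue
            reason = None if stat.S_ISREG(st.st_mode) else "not a regular file"
            reason = reason or _unsafe(st, trusted_uids)
            if reason:
                rejected.append((path, reason))
            else:
                accepted.append(path)
    return accepted, rejected
```

Calling `find_drivers()` with no arguments checks the two Unix directories against root ownership; only the accepted paths should be handed to the loader, and the rejected list is worth logging.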
