Hi,
I've noticed in the spec that we use the term "deprecated" with no real definition of what it means. Is it defined elsewhere? I recall some discussions around this topic, but I don't remember where it ended up.
Most places in the spec where "deprecated" is used, there is no additional context provided. However, in two places we do make additional statements.
Table 6, Token Information Flags
For CKF_SECONDARY_AUTHENTICATION, we state "Deprecated; new implementations MUST NOT set this flag".
Section 6.1.14 PKCS#1 v1.5 RSA signature with hashing
The note under table 47 states that some of the mechanisms "are deprecated with PKCS#11 3.20. New implementations shall not use these mechanism anymore.".
First, should we align on the use of "MUST NOT" and "shall"? Do we use the two different wordings intentionally? I suspect this is just a historical difference that was never noticed.
Second, what is the desired outcome if these statements are violated?
Thanks
Darren
------------------------------
Darren Johnson
THALES
------------------------------