Yubico / developers.yubico.com

Source code for generating our website
https://developers.yubico.com

Suggested edit for YubiHSM2/Concepts/Session #92

Closed miguelUS closed 6 years ago

miguelUS commented 6 years ago
  1. Add more details about the 16 concurrent session limit: can all 16 sessions use the same key? How does the "pool of reusable sessions" work? Is it managed by the device?
  2. Clarify that the connector just relays commands to the HSM (it's not mentioned in the connector section explicitly). Are connections closed at some point (for example, if the machine hibernates)?
  3. Would be useful to explicitly state somewhere which commands do not require a session.

a-dma commented 6 years ago

> Add more details about the 16 concurrent session limit: can all 16 sessions use the same key? How does the "pool of reusable sessions" work? Is it managed by the device?

Yes, the only thing users need to worry about is specifying the session number they received from the device when sending commands.

> Clarify that the connector just relays commands to the HSM (it's not mentioned in the connector section explicitly). Are connections closed at some point (for example, if the machine hibernates)?

Session expiration is explained here: https://developers.yubico.com/YubiHSM2/Concepts/Session.html

> Would be useful to explicitly state somewhere which commands do not require a session.

DEVICE INFO is the only useful command that does not require a session (besides the session creation commands). That said, the command can be sent over a session, so I'm not sure such a list would be helpful.