-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UX: README incorrectly implies that age-plugin-yubikey broadly supports PIV tokens #541
Comments
The keys stored on YubiKeys are not "tokens". P256 in the context of PIV refers to an algorithm for which keys can be generated, and the 20 "retired" slots are another part of the PIV specification (places where key material can be stored). Indeed in "Token" here means the hardware device itself. The language comes from the various PIV standards. For example, in NIST SP 800-57) section 1.5.1 Glossary:
So the documentation is correct that "hardware PIV tokens such as YubiKeys are supported". More specifically, in the
If there's another phrase I could add besides "PIV token" that might make this even clearer, I could do so. |
Thank you for the correction about my language ("token" meaning the hardware device rather than the keys). I think there may be a disconnect between what you intended to communicate when writing that line in the readme and what I understood when I read it. Your intended reading of
might be
but the reading that feels natural to me (i.e. what I believed it to mean) is
with the normal OSS understanding that support is best-effort and possibly not comprehensive. However, Perhaps I should have avoided the word "incorrect" in the title of this issue, but the only more accurate description I can think of is "misleading" which has an implication of purposeful deception that I wanted to avoid. In any case, I think a slight rewording would be useful to anyone like me who arrived at the Examples:
I also want to mention that I didn't open any issues in age-plugin-yubikey because the readme in that project is clear about the intended scope of the project. I would just like the readme files for |
The
rage
README file says thatbut
age-plugin-yubikey
only supports a particular subset of PIV tokens (per this issue, P256 tokens in the 20 "retired" slots).This isn't a huge issue, but clarifying the language might save someone else the time it took me to try out
age-plugin-yubikey
and look through issues before I found the issue linked above.I think something like
would be enough of a change.
I've also created a discussion in the age repo, so if that makes this issue redundant (e.g. because changes to the
age
README would likely result in similar changes to therage
README), feel free to close it.The text was updated successfully, but these errors were encountered: