Re: [Cfrg] FIPS or equivalent approvals
Robert Moskowitz <rgm-sec@htt-consult.com> Tue, 29 July 2014 17:37 UTC
Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C81D91B28E6 for <cfrg@ietfa.amsl.com>; Tue, 29 Jul 2014 10:37:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qQd1NNIRqfcI for <cfrg@ietfa.amsl.com>; Tue, 29 Jul 2014 10:37:49 -0700 (PDT)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [IPv6:2607:f4b8:3:0:218:71ff:fe83:66b9]) by ietfa.amsl.com (Postfix) with ESMTP id 7D6851B2968 for <cfrg@irtf.org>; Tue, 29 Jul 2014 10:37:45 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 5840862AE4; Tue, 29 Jul 2014 17:37:43 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aGzZve90GJe0; Tue, 29 Jul 2014 13:37:33 -0400 (EDT)
Received: from lx120e.htt-consult.com (nc4010.htt-consult.com [208.83.67.156]) (Authenticated sender: rgm-sec@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id CE2EE62ACB; Tue, 29 Jul 2014 13:37:32 -0400 (EDT)
Message-ID: <53D7DBDC.9040301@htt-consult.com>
Date: Tue, 29 Jul 2014 13:37:32 -0400
From: Robert Moskowitz <rgm-sec@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.7.0
MIME-Version: 1.0
To: Paul Hoffman <paul.hoffman@vpnc.org>, Phillip Hallam-Baker <phill@hallambaker.com>
References: <CAMm+LwhYWfP30=rdYQoVZ=Ns8dCn2HdjKLLPCP7Yw540eifvOg@mail.gmail.com> <B66338D8-9674-449A-8907-CDA59988D2CD@vpnc.org>
In-Reply-To: <B66338D8-9674-449A-8907-CDA59988D2CD@vpnc.org>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/7mb3dk17icQubUpiBefCITuFFoI
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] FIPS or equivalent approvals
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jul 2014 17:37:54 -0000
On 07/29/2014 11:34 AM, Paul Hoffman wrote: > On Jul 29, 2014, at 8:03 AM, Phillip Hallam-Baker <phill@hallambaker.com> wrote: > >> Choosing a curve is not all that we are going to need to make ECC crypto happen. >> >> If we are going to use the new curves in PKIX (a major part of TLS) we >> are going to need trustworthy HSMs. Which in turn means that we are >> going to need some standard for approvals to be audited against and >> possibly someone to run the process. > What do you mean by "we" in that paragraph? CFRG does not need HSMs, and CFRG does not ned "some standard" for anything. I suspect you mean "implementers of IETF standards", which is not "we". > > CFRG should do research and make recommendations for new cryptography to the IETF regardless of what it might cost for implementers to use what is proposed. In large measure I agree with Paul, to some definition of cost. Cloud computing (for example) clouds the whole HSM discussion and really scares the bejeepers out of me (based on discussions I have had with cloud/nfv/onf people on this subject). So let's keep our battlefields clearly delineated and not have one campaign spill over into another.
- [Cfrg] FIPS or equivalent approvals Phillip Hallam-Baker
- Re: [Cfrg] FIPS or equivalent approvals Paul Hoffman
- Re: [Cfrg] FIPS or equivalent approvals Salz, Rich
- Re: [Cfrg] FIPS or equivalent approvals Robert Moskowitz
- Re: [Cfrg] FIPS or equivalent approvals Alyssa Rowan
- Re: [Cfrg] FIPS or equivalent approvals Phillip Hallam-Baker
- Re: [Cfrg] FIPS or equivalent approvals Phillip Hallam-Baker
- Re: [Cfrg] FIPS or equivalent approvals Salz, Rich
- Re: [Cfrg] FIPS or equivalent approvals David Jacobson
- Re: [Cfrg] FIPS or equivalent approvals David Jacobson
- Re: [Cfrg] FIPS or equivalent approvals Randy Bush