Re: [Cfrg] On "non-NIST"

Paul Hoffman <paul.hoffman@vpnc.org> Sun, 01 March 2015 00:46 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07E851A00F4 for <cfrg@ietfa.amsl.com>; Sat, 28 Feb 2015 16:46:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UdxFaOnAxpJq for <cfrg@ietfa.amsl.com>; Sat, 28 Feb 2015 16:46:42 -0800 (PST)
Received: from proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E01D41A00F0 for <cfrg@irtf.org>; Sat, 28 Feb 2015 16:46:41 -0800 (PST)
Received: from [10.20.30.109] (142-254-17-245.dsl.dynamic.fusionbroadband.com [142.254.17.245]) (authenticated bits=0) by proper.com (8.15.1/8.14.9) with ESMTPSA id t210keYS047523 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <cfrg@irtf.org>; Sat, 28 Feb 2015 17:46:41 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: proper.com: Host 142-254-17-245.dsl.dynamic.fusionbroadband.com [142.254.17.245] claimed to be [10.20.30.109]
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <CACsn0cmwPZuYBtdGi=2NpXQ+OVC3dZDe1ny00fVLdNn0s7qZ3Q@mail.gmail.com>
Date: Sat, 28 Feb 2015 16:46:40 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <B6AAF561-843B-42E5-B209-F5DA804B3264@vpnc.org>
References: <9A043F3CF02CD34C8E74AC1594475C73AAF91123@uxcn10-5.UoA.auckland.ac.nz> <BE305B0B-80D2-48C6-ACE6-6F6544A04D69@vpnc.org> <CACsn0ckHyRiLBiRe9Vg4TJMUg-+c8vbB2e-QKuHbuZ_NiqC2UA@mail.gmail.com> <B56D6A89-A111-40BB-9AE2-F3EEF512262A@vpnc.org> <CACsn0cmwPZuYBtdGi=2NpXQ+OVC3dZDe1ny00fVLdNn0s7qZ3Q@mail.gmail.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/HNRk70pn-EodveL1WeK-ju7WHq0>
Subject: Re: [Cfrg] On "non-NIST"
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Mar 2015 00:46:43 -0000

On Feb 28, 2015, at 3:41 PM, Watson Ladd <watsonbladd@gmail.com> wrote:
> Safenet's Luna SA Network-attached HSM claims FIPS 140-2 Level 3
> certification and support Brainpool. Granted, I only know about this
> because it's the one Amazon provides and I had occasion to read the
> documentation.
> 
> But you're right that somehow we may need HSM and certification. But
> this works fine for Brainpool, despite not NIST, and there are
> alternatives to FIPS testing for HSMS for use with PKI.
> 
> Source: http://www.safenet-inc.com/data-encryption/hardware-security-modules-hsms/luna-hsms-key-management/luna-sa-network-hsm/#content-left

On Feb 28, 2015, at 3:51 PM, Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com> wrote:
> We have a number of level 2 certified devices that can be configured with
> non-FIPS approved algorithms.  The lab (and the CMVP) were satisfied with
> documentation that said "to be in FIPS mode, the device must be configured
> this way".  Presumably the same logic can work for an HSM.

These are good to hear, and I apologize for my lack of up-to-date information on getting Level 2+ certification in mixed-crypto devices. I still hope NIST will quickly allow certification of whatever curves and signature algorithms the CFRG recommends to the TLS WG, of course, but it does not seem like a blocking factor for vendors to include them in their devices.

--Paul Hoffman