[Cfrg] FIPS or equivalent approvals

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 29 July 2014 15:03 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/P1FRnfdt07bqmFCSNWpg3xQ5y7E

Choosing a curve is not all that we are going to need to make ECC crypto happen.

If we are going to use the new curves in PKIX (a major part of TLS) we
are going to need trustworthy HSMs. Which in turn means that we are
going to need some standard for approvals to be audited against and
possibly someone to run the process.

This might well mean that it is impractical to move away from some
form of DSA for signatures or at the very least mean that there is a
penalty for doing so. This is not likely to be as urgent a concern for
encryption as that is only an end entity issue and only a tiny
proportion of end entity applications require approved HSMs and those
that do are likely to require the NIST curves anyway.

So one consequence of this is that it would probably be advantageous
to the hardware vendors if they started taking notice of the
discussions as they are likely to see demand for new HSMs in the near

Getting their participation and input would probably be useful to all concerned.