Re: [Cfrg] FIPS or equivalent approvals

Paul Hoffman <paul.hoffman@vpnc.org> Tue, 29 July 2014 15:35 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0CD41B2980 for <cfrg@ietfa.amsl.com>; Tue, 29 Jul 2014 08:35:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vZfDRZaonYEz for <cfrg@ietfa.amsl.com>; Tue, 29 Jul 2014 08:35:56 -0700 (PDT)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 644281B2874 for <cfrg@irtf.org>; Tue, 29 Jul 2014 08:34:39 -0700 (PDT)
Received: from [10.20.30.90] (50-1-51-60.dsl.dynamic.fusionbroadband.com [50.1.51.60]) (authenticated bits=0) by hoffman.proper.com (8.14.8/8.14.7) with ESMTP id s6TFYXut006588 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 29 Jul 2014 08:34:35 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 50-1-51-60.dsl.dynamic.fusionbroadband.com [50.1.51.60] claimed to be [10.20.30.90]
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <CAMm+LwhYWfP30=rdYQoVZ=Ns8dCn2HdjKLLPCP7Yw540eifvOg@mail.gmail.com>
Date: Tue, 29 Jul 2014 08:34:31 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <B66338D8-9674-449A-8907-CDA59988D2CD@vpnc.org>
References: <CAMm+LwhYWfP30=rdYQoVZ=Ns8dCn2HdjKLLPCP7Yw540eifvOg@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/sOTqo5-MF8A6RboJiUpKacw7umA
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] FIPS or equivalent approvals
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jul 2014 15:35:56 -0000

On Jul 29, 2014, at 8:03 AM, Phillip Hallam-Baker <phill@hallambaker.com> wrote:

> Choosing a curve is not all that we are going to need to make ECC crypto happen.
> 
> If we are going to use the new curves in PKIX (a major part of TLS) we
> are going to need trustworthy HSMs. Which in turn means that we are
> going to need some standard for approvals to be audited against and
> possibly someone to run the process.

What do you mean by "we" in that paragraph? CFRG does not need HSMs, and CFRG does not ned "some standard" for anything. I suspect you mean "implementers of IETF standards", which is not "we".

CFRG should do research and make recommendations for new cryptography to the IETF regardless of what it might cost for implementers to use what is proposed.

--Paul Hoffman