Re: [Cfrg] FIPS or equivalent approvals

David Jacobson <dmjacobson@sbcglobal.net> Thu, 31 July 2014 04:50 UTC

Message-ID: <53D9CB23.8080807@sbcglobal.net>
Date: Wed, 30 Jul 2014 21:50:43 -0700
From: David Jacobson <dmjacobson@sbcglobal.net>
To: cfrg@irtf.org
References: <CAMm+LwhYWfP30=rdYQoVZ=Ns8dCn2HdjKLLPCP7Yw540eifvOg@mail.gmail.com> <53D7E119.7040209@akr.io> <2A0EFB9C05D0164E98F19BB0AF3708C718599EDC92@USMBX1.msg.corp.akamai.com> <53D9BE05.6080806@sbcglobal.net>
In-Reply-To: <53D9BE05.6080806@sbcglobal.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/wKg7yaqmTTYgiILWUrsb9NxJbYg
Subject: Re: [Cfrg] FIPS or equivalent approvals

On 7/30/14 8:54 PM, David Jacobson wrote:
> On 7/29/14 11:43 AM, Salz, Rich wrote:
>>> I feel a HSM/smartcard/token design actually worthy of
>>> third-party trust would need:
>> Check out http://cryptech.is
>>
>> -- 
>> Principal Security Engineer
>> Akamai Technologies, Cambridge MA
>> IM: rsalz@jabber.me Twitter: RichSalz
>>
> In a past life, I worked on the design of an HSM that was used by lots 
> of banks.  (FIPS 140-2 level 3)   It was basically just an ARM 
> processor and a crypto accelerator in a module coated with hard opaque 
> epoxy.  There is no reason that the firmware couldn't be modified to 
> do Curve 25519.  Of course, it would be slower, since it wouldn't get 
> any benefit from the crypto accelerator, and you couldn't put it in 
> FIPS mode with that curve enabled (not a "FIPS approved algorithm").
>
>     --David Jacobson
Oops.  I replied to the wrong message.  There was a talk of how a new 
curve would require new HSMs, and the manufacturers should get working 
on it, etc.  My point was that for the manufacturer who has all the code 
for the HSM, adding a new curve is much simpler than designing an HSM 
from scratch.   Rich's remark was about the need for an open HSM, so we 
could trust it.  An entirely different subject.

    --David