Re: Comments from the IAB on NIST SP 800-90A Proceeding

Jari Arkko <jari.arkko@piuha.net> Thu, 24 October 2013 07:35 UTC

Return-Path: <jari.arkko@piuha.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D304E11E82FA for <ietf@ietfa.amsl.com>; Thu, 24 Oct 2013 00:35:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.579
X-Spam-Level:
X-Spam-Status: No, score=-102.579 tagged_above=-999 required=5 tests=[AWL=0.020, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ubEYnKduwZAY for <ietf@ietfa.amsl.com>; Thu, 24 Oct 2013 00:35:28 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130]) by ietfa.amsl.com (Postfix) with ESMTP id 7524211E82EF for <ietf@ietf.org>; Thu, 24 Oct 2013 00:35:23 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id ABBB22CC95; Thu, 24 Oct 2013 10:35:22 +0300 (EEST)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KsKjTtO8SW8c; Thu, 24 Oct 2013 10:35:22 +0300 (EEST)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2a00:1d50:2::130]) by p130.piuha.net (Postfix) with ESMTP id 00F262CC48; Thu, 24 Oct 2013 10:35:18 +0300 (EEST)
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
Subject: Re: Comments from the IAB on NIST SP 800-90A Proceeding
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <CADnDZ8_Vor0ksG1Q+PU0QH1O-ViDbziBqNh72bw4eL1T2LCrKA@mail.gmail.com>
Date: Thu, 24 Oct 2013 15:35:15 +0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <F4E2F776-0744-4DE2-9B0A-86CB9736C33F@piuha.net>
References: <CAOW+2dukS-Zye-T9NcWnstSmydpG4YaT6bW_CKh-KYhJQfasUA@mail.gmail.com> <02364CCE-9122-4EC0-A2D8-16C3FE16245F@isoc.org> <0C7687D7-CFAF-4122-950D-13DCAC6A3598@iab.org> <CADnDZ8_Vor0ksG1Q+PU0QH1O-ViDbziBqNh72bw4eL1T2LCrKA@mail.gmail.com>
To: Abdussalam Baryun <abdussalambaryun@gmail.com>
X-Mailer: Apple Mail (2.1510)
Cc: IAB <iab@iab.org>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 07:35:34 -0000

Abdussalam,

> The comment has a statement which I am against;
> IETF standards depend on NIST standards and the process by which they are developed.
> 
> The statement contradicts the first, that IETF references also other government algorithms.
> Is this a specific or general dependence? And does IETF standards really depend on NIST standard process and development? Is the statement talking about all IETF security standards?

The point was that some IETF standards do normatively refer to NIST standards. (Look for "NIST" in RFCs and you'll find many hits.)

Of course, IETF standards also depend on many other things, including algorithms developed by others :-)

Hope this clarifies,

Jari