Re: [saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules
Richard Barnes <rlb@ipv.sx> Mon, 17 August 2015 20:33 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F84C1A1ACC for <saag@ietfa.amsl.com>; Mon, 17 Aug 2015 13:33:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RIypscesY1rj for <saag@ietfa.amsl.com>; Mon, 17 Aug 2015 13:33:27 -0700 (PDT)
Received: from mail-vk0-f47.google.com (mail-vk0-f47.google.com [209.85.213.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 801D21A1AB3 for <saag@ietf.org>; Mon, 17 Aug 2015 13:33:27 -0700 (PDT)
Received: by vkbf67 with SMTP id f67so59637209vkb.3 for <saag@ietf.org>; Mon, 17 Aug 2015 13:33:26 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=iC2KKxF8r8reS/6FMB6cgag4P1RtPWCtNy/i335B+3A=; b=mkSJr7XuEslFAKm73LChNFCgbV3mnGHHqvRhERzrnWZDBgOenzVwrTiLrHlYnHlJh8 9OJdg1HdxnuMi6Z8pVZ9srvZ9od0LT3OFZyeV8rcFwp4vlbFxDKyTjZk5NwotuwId5yR DZsPchpHb8IK9ge644sJ6DDXXO5kLGhZdyokobLvOJkvs4EYi9Ps4NS5Q52nw2xXxjmZ TW8Fs5gUhuh+whVyBF3LMetQhWDAI/9VU7rBH0dUGRJQlqs3dGR60O7kaHXXn/iQbFXb BeecL2IV3gV268n5sCpwucfyCoT+M+w0Q8D7A9DgL+hvRutu8C77+nvCkhhjc0tou6bQ 8gsg==
X-Gm-Message-State: ALoCoQmYO2SN+OroooieB8sKzoREz1pWBggKNsmy03QRgJRXenFLV2NlrN/rcyYJna2dKEMnxzYP
MIME-Version: 1.0
X-Received: by 10.52.237.161 with SMTP id vd1mr3841694vdc.65.1439843606639; Mon, 17 Aug 2015 13:33:26 -0700 (PDT)
Received: by 10.31.164.207 with HTTP; Mon, 17 Aug 2015 13:33:26 -0700 (PDT)
In-Reply-To: <F2C87ED1-E00B-4B46-AF01-33FF4FD0A237@vigilsec.com>
References: <55CE5A40.3090804@cs.tcd.ie> <CAPofZaGT__FmChCWNf=iMsyD4s7c1SpUus2Lm_6ubhA3ayfGqA@mail.gmail.com> <CAG-id0ZYG946xZQrsfrMqyQunLpg=ZeGGP8BcQRVtFE0s7b3DQ@mail.gmail.com> <55CF35B2.9020302@cs.tcd.ie> <CACz1E9rg8ZtHLCpZ8utBF67PTOiDKWTDGvepqL0SXL_0WR0=+g@mail.gmail.com> <F2C87ED1-E00B-4B46-AF01-33FF4FD0A237@vigilsec.com>
Date: Mon, 17 Aug 2015 16:33:26 -0400
Message-ID: <CAL02cgQjM=gStDy-O1a4GXBFh=2Zur4br4Ea17XKW3_fEru1MA@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/43A_YEY8d72_j8dWxbukcCMgndY>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2015 20:33:29 -0000
On Mon, Aug 17, 2015 at 2:48 PM, Russ Housley <housley@vigilsec.com> wrote: > It is not clear to me that the use of ISO/IEC 19790 offers any improvement > for the people that make crypto modules or the people that purchase crypto > modules. The specification being behind a paywall means that fewer people > will know what it says. Since the existing FIPS documents are freely > available online, this seems to me to be a move in the wrong direction. +1, but presumably these comments should be going to some NIST channel? > > Russ > > > On Aug 17, 2015, at 12:21 PM, William Whyte wrote: > > In fairness, NIST explicitly call this out themselves at > https://www.federalregister.gov/articles/2015/08/12/2015-19743/government-use-of-standards-for-security-and-conformance-requirements-for-cryptographic-algorithm: > > NIST is also interested in feedback on the impacts of a potential U.S. > Government requirement for use and conformance using a standard with a > fee-based model where organizations must purchase copies of the ISO/IEC > 19790:2014. > > William > > On Sat, Aug 15, 2015 at 8:50 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> > wrote: >> >> >> >> On 15/08/15 12:24, David Lloyd-Jones wrote: >> > What is it you have "heard," Stephen, that has given Phil this avalanche >> > of >> > "reason to object"? >> >> I already said that I have been told that the ISO spec is behind >> a paywall, that is all. And now I've said it twice:-) >> >> Whether or not that's a deal for folks who've previously been >> willing to subject themselves to FIPS140 fun is a reasonable >> question. But it's also reasonable to point out that that is >> a barrier to broad, open review. >> >> And of course, if you care about any of this, then telling >> NIST what you think is the correct action. >> >> S. > > > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag >
- [saag] NIST requests comments on using ISO/IEC 19… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… Phil Lello
- Re: [saag] NIST requests comments on using ISO/IE… David Lloyd-Jones
- Re: [saag] NIST requests comments on using ISO/IE… Paterson, Kenny
- Re: [saag] NIST requests comments on using ISO/IE… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… William Whyte
- Re: [saag] NIST requests comments on using ISO/IE… Michael Richardson
- Re: [saag] NIST requests comments on using ISO/IE… Russ Housley
- Re: [saag] NIST requests comments on using ISO/IE… Richard Barnes
- Re: [saag] NIST requests comments on using ISO/IE… Russ Housley
- Re: [saag] NIST requests comments on using ISO/IE… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… Mark D. Baushke
- Re: [saag] NIST requests comments on using ISO/IE… Phil Lello
- Re: [saag] NIST requests comments on using ISO/IE… Richard Barnes
- Re: [saag] NIST requests comments on using ISO/IE… Michael Richardson
- Re: [saag] NIST requests comments on using ISO/IE… Michael Richardson
- Re: [saag] NIST requests comments on using ISO/IE… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… Jeffrey Walton