Re: [saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules
Richard Barnes <rlb@ipv.sx> Tue, 18 August 2015 13:47 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96EB91A8748 for <saag@ietfa.amsl.com>; Tue, 18 Aug 2015 06:47:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Ax_s1fbzCir for <saag@ietfa.amsl.com>; Tue, 18 Aug 2015 06:47:33 -0700 (PDT)
Received: from mail-vk0-f45.google.com (mail-vk0-f45.google.com [209.85.213.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02D5F1A873A for <saag@ietf.org>; Tue, 18 Aug 2015 06:47:32 -0700 (PDT)
Received: by vkm66 with SMTP id 66so8823167vkm.1 for <saag@ietf.org>; Tue, 18 Aug 2015 06:47:32 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=IZiy8rV7o/rGtYAd7hrHYnkBeNJyNUxeUQp70lcJT4w=; b=iUmumwgrUYzoWpz/KyxCLu42e7Pgtic4zNFSaIN548TrPACWO2ok5aiN8w/fvUeAeB 8B70er4GwpJNQpZc4Iwn1QY0KtfFvr9w/9D0avZXShJoMsOEyNPX7wkd2zXjcF7cwQjk sA+Yn5gIZnkOIScfNiIwp8KzSOEsIu4ImXoeEfErdxC560wIv3BNPK9uiFaUKv2ctza+ xIteHaoG3iG8TcnQpBzTpAL7DSPRFsdmbnONa1K1eIuUGI2po6qIJ81mJRv7t43ldifI ScBkTLNU6CygIQiGD+q8hhuV28lzjmZbuYJ9VDnL+nHLrc1bl4jtMITjVGwVyUdZJyCQ Juhw==
X-Gm-Message-State: ALoCoQkMgpneCnBy8KgHkeYzBHqt1HspforNCg6WhpWtP+hJ+98aB68cLQUZZJUafCO/08XhXnAo
MIME-Version: 1.0
X-Received: by 10.52.69.241 with SMTP id h17mr8898942vdu.68.1439905652250; Tue, 18 Aug 2015 06:47:32 -0700 (PDT)
Received: by 10.31.164.207 with HTTP; Tue, 18 Aug 2015 06:47:32 -0700 (PDT)
In-Reply-To: <CAPofZaGf4U_7hccU-nMQ9QEuFnbJWa8Pemmzs=hxTec3vtH7rA@mail.gmail.com>
References: <55CE5A40.3090804@cs.tcd.ie> <CAPofZaGT__FmChCWNf=iMsyD4s7c1SpUus2Lm_6ubhA3ayfGqA@mail.gmail.com> <CAG-id0ZYG946xZQrsfrMqyQunLpg=ZeGGP8BcQRVtFE0s7b3DQ@mail.gmail.com> <55CF35B2.9020302@cs.tcd.ie> <CACz1E9rg8ZtHLCpZ8utBF67PTOiDKWTDGvepqL0SXL_0WR0=+g@mail.gmail.com> <97152.1439858222@eng-mail01.juniper.net> <CAPofZaGf4U_7hccU-nMQ9QEuFnbJWa8Pemmzs=hxTec3vtH7rA@mail.gmail.com>
Date: Tue, 18 Aug 2015 09:47:32 -0400
Message-ID: <CAL02cgTgFcjqtsqroy2LaLjNu8Ezzf_uSxXo3Po-3KfhdrHq=w@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Phil Lello <phil@dunlop-lello.uk>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/5b5caKB2Oc8Jp5r3QfOnDy42hLY>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Aug 2015 13:47:34 -0000
On Tue, Aug 18, 2015 at 5:33 AM, Phil Lello <phil@dunlop-lello.uk> wrote: > I'd just like to clarify that my objection to the paywall isn't about paying > for the standard per-se, as it would be reasonable to pay a fee as an > implementor (much like paying to access C++ standards to write a compiler). > The objection is specifically about needing to pay to access the standard as > part of a review process, as the fee is a barrier to broad evaluation. Well, then let me explicitly disagree with this position. The standards that run the Internet need to be widely implemented, and that means the specs need to be widely available. As Russ observed, the current FIPS standards are freely available, so moving to a paywalled standard would be a major step backwards. And a step backwards for, AFAICT, no benefit. I would also observe that "free for review, pay for implementation" is not really a realistic position. If anyone can download the spec for review, then it will be out there on the Internet after it's finalized. Much like the C++ spec, in fact (see the links in https://en.wikipedia.org/wiki/C%2B%2B). And in practice that just means that everyone will use the free "almost final" version, not the paywalled "final" version. --Richard > > Phil > > On Tue, Aug 18, 2015 at 1:37 AM, Mark D. Baushke <mdb@juniper.net> wrote: >> >> It may be worth noting that NIST actually put the wrong edition of the >> ISO/IEC standard in the Federal Register article... They intended to put >> 19790:2012 instead. >> >> See also >> >> http://csrc.nist.gov/groups/STM/cmvp/notices.html >> >> -- Mark >> >> _______________________________________________ >> saag mailing list >> saag@ietf.org >> https://www.ietf.org/mailman/listinfo/saag > > > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag >
- [saag] NIST requests comments on using ISO/IEC 19… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… Phil Lello
- Re: [saag] NIST requests comments on using ISO/IE… David Lloyd-Jones
- Re: [saag] NIST requests comments on using ISO/IE… Paterson, Kenny
- Re: [saag] NIST requests comments on using ISO/IE… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… William Whyte
- Re: [saag] NIST requests comments on using ISO/IE… Michael Richardson
- Re: [saag] NIST requests comments on using ISO/IE… Russ Housley
- Re: [saag] NIST requests comments on using ISO/IE… Richard Barnes
- Re: [saag] NIST requests comments on using ISO/IE… Russ Housley
- Re: [saag] NIST requests comments on using ISO/IE… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… Mark D. Baushke
- Re: [saag] NIST requests comments on using ISO/IE… Phil Lello
- Re: [saag] NIST requests comments on using ISO/IE… Richard Barnes
- Re: [saag] NIST requests comments on using ISO/IE… Michael Richardson
- Re: [saag] NIST requests comments on using ISO/IE… Michael Richardson
- Re: [saag] NIST requests comments on using ISO/IE… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… Jeffrey Walton