Re: [saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules

Phil Lello <phil@dunlop-lello.uk> Tue, 18 August 2015 09:33 UTC

Return-Path: <phil@dunlop-lello.uk>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1C011B32D5 for <saag@ietfa.amsl.com>; Tue, 18 Aug 2015 02:33:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RlNrV28vFsXk for <saag@ietfa.amsl.com>; Tue, 18 Aug 2015 02:33:50 -0700 (PDT)
Received: from mail-lb0-f178.google.com (mail-lb0-f178.google.com [209.85.217.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DD561A0018 for <saag@ietf.org>; Tue, 18 Aug 2015 02:33:49 -0700 (PDT)
Received: by lbbpu9 with SMTP id pu9so99190042lbb.3 for <saag@ietf.org>; Tue, 18 Aug 2015 02:33:48 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=xiRG48YmwTJ5GiuSdSWdCXDNugejQL2WTNm+FuGiuaE=; b=f+/mrObF2fh95UIeDtmfea/k8SHgQ6vjdFiNRP00XItrIy0EDWjc2aadgRU5kkahOk SlbyWXzMOMRMKZ2yBnvlJObU5g7GnFRaVXm3t3jk8sTASMqRRdXswxPcVm595rNxTlyb nd/YwoNsYBLIfwrPDpmX3VvfMUlTUu1KbHhGuptUBhNKcLbt+Q/frP5KIHO69xHn0Aqy SiU7g1ukcWsKxIbWJjG6ceJlS4++ZvVuNQn4hSjyfHk1A+Gtj+gtp0FWPZZaKO87eFyT OpCj5LamhV7Vzip/ujEAXx4Jf/J5im0TVAg4VNndRgefzoIn62nYroMtBzbKO2JnQavd nb3g==
X-Gm-Message-State: ALoCoQnZ24b6IQ3WuAu0NGJ9xXGqzvM7m7QmOaR+mcDF4KovZKSD0ceb6/sW1TZ773+Ahw9XoeYZ
MIME-Version: 1.0
X-Received: by 10.152.2.41 with SMTP id 9mr5469302lar.65.1439890427906; Tue, 18 Aug 2015 02:33:47 -0700 (PDT)
Received: by 10.25.144.193 with HTTP; Tue, 18 Aug 2015 02:33:47 -0700 (PDT)
In-Reply-To: <97152.1439858222@eng-mail01.juniper.net>
References: <55CE5A40.3090804@cs.tcd.ie> <CAPofZaGT__FmChCWNf=iMsyD4s7c1SpUus2Lm_6ubhA3ayfGqA@mail.gmail.com> <CAG-id0ZYG946xZQrsfrMqyQunLpg=ZeGGP8BcQRVtFE0s7b3DQ@mail.gmail.com> <55CF35B2.9020302@cs.tcd.ie> <CACz1E9rg8ZtHLCpZ8utBF67PTOiDKWTDGvepqL0SXL_0WR0=+g@mail.gmail.com> <97152.1439858222@eng-mail01.juniper.net>
Date: Tue, 18 Aug 2015 10:33:47 +0100
Message-ID: <CAPofZaGf4U_7hccU-nMQ9QEuFnbJWa8Pemmzs=hxTec3vtH7rA@mail.gmail.com>
From: Phil Lello <phil@dunlop-lello.uk>
To: "Mark D. Baushke" <mdb@juniper.net>
Content-Type: multipart/alternative; boundary=089e013c625878aa26051d929df6
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/6oPRbdoj1WkF_l51rHDOA7xTAqY>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Aug 2015 09:33:51 -0000

I'd just like to clarify that my objection to the paywall isn't about
paying for the standard per-se, as it would be reasonable to pay a fee as
an implementor (much like paying to access C++ standards to write a
compiler). The objection is specifically about needing to pay to access the
standard as part of a review process, as the fee is a barrier to broad
evaluation.

Phil

On Tue, Aug 18, 2015 at 1:37 AM, Mark D. Baushke <mdb@juniper.net>; wrote:

> It may be worth noting that NIST actually put the wrong edition of the
> ISO/IEC standard in the Federal Register article... They intended to put
> 19790:2012 instead.
>
> See also
>
>   http://csrc.nist.gov/groups/STM/cmvp/notices.html
>
>            -- Mark
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>