[saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 14 August 2015 21:14 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54E881A8A1C for <saag@ietfa.amsl.com>; Fri, 14 Aug 2015 14:14:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8wMeCk2ZU6l5 for <saag@ietfa.amsl.com>; Fri, 14 Aug 2015 14:14:44 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C13AF1A8A12 for <saag@ietf.org>; Fri, 14 Aug 2015 14:14:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 4951EBE47 for <saag@ietf.org>; Fri, 14 Aug 2015 22:14:42 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7rAVcln2P9d6 for <saag@ietf.org>; Fri, 14 Aug 2015 22:14:40 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.42.22.71]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id C7C03BDCF for <saag@ietf.org>; Fri, 14 Aug 2015 22:14:40 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1439586880; bh=TgPrk9Q82/wo+RRWRtBAjE7U6EdvlNth1OMLM9+OEtQ=; h=Date:From:To:Subject:From; b=iC+9SF2QwPZ8HnhNUpnEk8mcnofzVw0G86nBWPDRGjzoD2CkGReoeyg+hEu6b6/cR LYsnqdGQwyus3R/kdbieCuou1cHsMIIDlGABtuMvQPr8g9n4B3FNEejFmDAdwQg7cJ Y4tbVOdkC7eYJ53UWl4ROfkqYW7a7UnsA8SGfiR4=
Message-ID: <55CE5A40.3090804@cs.tcd.ie>
Date: Fri, 14 Aug 2015 22:14:40 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: "saag@ietf.org" <saag@ietf.org>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/AudTcpHdqne7bPf-ZqNpnswqcDc>
Subject: [saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2015 21:14:46 -0000

Hiya,

As an FYI, those of you who are interested in cryptographic
module APIs would probably be interested in this. [1] (partly
copied below.)

I'm told the ISO spec is behind a paywall, but haven't gone
to look and see if there's a version freely available, so
it's hard to know what kind of change this might represent.
If someone has more info on that it might be useful to
share that here.

Cheers,
S.

[]1 http://csrc.nist.gov/news_events/#aug12


-----------

NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal
Standard for cryptographic modules

NIST is seeking public comments on using International Organization for
Standardization/International Electrotechnical Commission (ISO/IEC)
standards for cryptographic algorithm and cryptographic module testing,
conformance, and validation activities, currently specified by Federal
Information Processing Standard (FIPS) 140-2. The National Technology
Transfer and Advancement Act (NTTAA), Public Law 104-113, directs
federal agencies to adopt voluntary consensus standards wherever
possible. The responses to this request for information (RFI) will be
used to plan possible changes to the FIPS or in a decision to use all or
part of ISO/IEC 19790:2012, Security Requirements for Cryptographic
Modules, for testing, conformance and validation of cryptographic
algorithms and modules.

The **RFI posted in today’s Federal Register provides additional
background information, including seven questions that NIST is
especially interested in having addressed, as well as NIST’s intentions.

 Send public comments to: UseOfISO@nist.gov (also see the address for
sending written comments)

Comment period closes: September 28, 2015