[saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 14 August 2015 21:14 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 54E881A8A1C for <saag@ietfa.amsl.com>; Fri, 14 Aug 2015 14:14:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 8wMeCk2ZU6l5 for <saag@ietfa.amsl.com>; Fri, 14 Aug 2015 14:14:44 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C13AF1A8A12 for <saag@ietf.org>; Fri, 14 Aug 2015 14:14:43 -0700 (PDT)
Received: from localhost (localhost []) by mercury.scss.tcd.ie (Postfix) with ESMTP id 4951EBE47 for <saag@ietf.org>; Fri, 14 Aug 2015 22:14:42 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([]) by localhost (mercury.scss.tcd.ie []) (amavisd-new, port 10024) with ESMTP id 7rAVcln2P9d6 for <saag@ietf.org>; Fri, 14 Aug 2015 22:14:40 +0100 (IST)
Received: from [] (unknown []) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id C7C03BDCF for <saag@ietf.org>; Fri, 14 Aug 2015 22:14:40 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1439586880; bh=TgPrk9Q82/wo+RRWRtBAjE7U6EdvlNth1OMLM9+OEtQ=; h=Date:From:To:Subject:From; b=iC+9SF2QwPZ8HnhNUpnEk8mcnofzVw0G86nBWPDRGjzoD2CkGReoeyg+hEu6b6/cR LYsnqdGQwyus3R/kdbieCuou1cHsMIIDlGABtuMvQPr8g9n4B3FNEejFmDAdwQg7cJ Y4tbVOdkC7eYJ53UWl4ROfkqYW7a7UnsA8SGfiR4=
Message-ID: <55CE5A40.3090804@cs.tcd.ie>
Date: Fri, 14 Aug 2015 22:14:40 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: "saag@ietf.org" <saag@ietf.org>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/AudTcpHdqne7bPf-ZqNpnswqcDc>
Subject: [saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2015 21:14:46 -0000


As an FYI, those of you who are interested in cryptographic
module APIs would probably be interested in this. [1] (partly
copied below.)

I'm told the ISO spec is behind a paywall, but haven't gone
to look and see if there's a version freely available, so
it's hard to know what kind of change this might represent.
If someone has more info on that it might be useful to
share that here.


[]1 http://csrc.nist.gov/news_events/#aug12


NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal
Standard for cryptographic modules

NIST is seeking public comments on using International Organization for
Standardization/International Electrotechnical Commission (ISO/IEC)
standards for cryptographic algorithm and cryptographic module testing,
conformance, and validation activities, currently specified by Federal
Information Processing Standard (FIPS) 140-2. The National Technology
Transfer and Advancement Act (NTTAA), Public Law 104-113, directs
federal agencies to adopt voluntary consensus standards wherever
possible. The responses to this request for information (RFI) will be
used to plan possible changes to the FIPS or in a decision to use all or
part of ISO/IEC 19790:2012, Security Requirements for Cryptographic
Modules, for testing, conformance and validation of cryptographic
algorithms and modules.

The **RFI posted in today’s Federal Register provides additional
background information, including seven questions that NIST is
especially interested in having addressed, as well as NIST’s intentions.

 Send public comments to: UseOfISO@nist.gov (also see the address for
sending written comments)

Comment period closes: September 28, 2015