Re: [saag] Algorithms/modes requested by users/customers
mcgrew <mcgrew@cisco.com> Tue, 19 February 2008 19:28 UTC
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m1JJSS3R019263 for <saag@PCH.mit.edu>; Tue, 19 Feb 2008 14:28:28 -0500
Received: from mit.edu (M24-004-BARRACUDA-1.MIT.EDU [18.7.7.111]) by pacific-carrier-annex.mit.edu (8.13.6/8.9.2) with ESMTP id m1JJSF01001750 for <saag@mit.edu>; Tue, 19 Feb 2008 14:28:15 -0500 (EST)
Received: from rtp-iport-2.cisco.com (rtp-iport-2.cisco.com [64.102.122.149]) by mit.edu (Spam Firewall) with ESMTP id C7F2D791B3B for <saag@mit.edu>; Tue, 19 Feb 2008 14:27:51 -0500 (EST)
Received: from rtp-dkim-2.cisco.com ([64.102.121.159]) by rtp-iport-2.cisco.com with ESMTP; 19 Feb 2008 14:27:50 -0500
Received: from rtp-core-1.cisco.com (rtp-core-1.cisco.com [64.102.124.12]) by rtp-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id m1JJRnb6027750; Tue, 19 Feb 2008 14:27:49 -0500
Received: from xbh-rtp-211.amer.cisco.com (xbh-rtp-211.cisco.com [64.102.31.102]) by rtp-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id m1JJRiSE013583; Tue, 19 Feb 2008 19:27:44 GMT
Received: from xmb-rtp-20c.amer.cisco.com ([64.102.31.57]) by xbh-rtp-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 19 Feb 2008 14:27:34 -0500
Received: from 10.32.254.212 ([10.32.254.212]) by xmb-rtp-20c.amer.cisco.com ([64.102.31.57]) with Microsoft Exchange Server HTTP-DAV ; Tue, 19 Feb 2008 19:27:34 +0000
User-Agent: Microsoft-Entourage/11.2.4.060510
Date: Tue, 19 Feb 2008 11:27:32 -0800
From: mcgrew <mcgrew@cisco.com>
To: Randall Atkinson <rja@extremenetworks.com>, "saag@mit.edu" <saag@mit.edu>
Message-ID: <C3E06DA4.4AB3%mcgrew@cisco.com>
Thread-Topic: [saag] Algorithms/modes requested by users/customers
Thread-Index: AQHIcPWoS7HEfANh0kyQUz3uBqgcnI1VeQZu
In-Reply-To: <8329C86009B2F24493D76B486146769A9429B7A8@USEXCHANGE.corp.extremenetworks.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-OriginalArrivalTime: 19 Feb 2008 19:27:34.0421 (UTC) FILETIME=[7A64D450:01C8732D]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=2428; t=1203449269; x=1204313269; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=mcgrew@cisco.com; z=From:=20mcgrew=20<mcgrew@cisco.com> |Subject:=20Re=3A=20[saag]=20Algorithms/modes=20requested=2 0by=20users/customers |Sender:=20 |To:=20Randall=20Atkinson=20<rja@extremenetworks.com>,=20=2 2saag@mit.edu=22=20<saag@mit.edu>; bh=0MBqj5sFQpqZo1/VEcLy6U1y74b27MLKWLdbp1zPFoA=; b=SlaR3FsFzAWRnJLOnLawvYcusMednwmngpsHR299jfhrMPII2in4cMG2sD gsGFT0sV3c4DN5hzm+IH0HRNpPrwY/dd+f/NFbDaV5oNQPQxqEGrZS8rXcRN Xscz7RA7mD;
Authentication-Results: rtp-dkim-2; header.From=mcgrew@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim2001 verified; );
X-Spam-Score: 0.14
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
Subject: Re: [saag] Algorithms/modes requested by users/customers
X-BeenThere: saag@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: IETF Security Area Advisory Group <saag.mit.edu>
List-Unsubscribe: <http://mailman.mit.edu/mailman/listinfo/saag>, <mailto:saag-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/saag>
List-Post: <mailto:saag@mit.edu>
List-Help: <mailto:saag-request@mit.edu?subject=help>
List-Subscribe: <http://mailman.mit.edu/mailman/listinfo/saag>, <mailto:saag-request@mit.edu?subject=subscribe>
X-List-Received-Date: Tue, 19 Feb 2008 19:28:28 -0000
Hi Ran, Winston Churchill said that democracy is the worst form of government, except for all of the others. I think that the same is true for the FIPS-140 cryptomodule validation process ;-) I agree with you that there is good value in having open specs for FIPS-140 and Suite-B versions of Internet protocols (even though I also agree with many of the criticisms of the validation process made on this thread). I expect that the choice of which algorithm(s) should be mandatory-to-implement will continue to be made on the basis of technical (well, mostly technical) discussions in the WGs. Best, David On 2/16/08 3:42 PM, "Randall Atkinson" <rja@extremenetworks.com> wrote: > Earlier, someone said: > % I think it would help enormously if we had some sort of > % cross IETF statement of the set of algorithms that are > % currently the consensus recommendations for support. > > I will answer a slightly different question. For the question: > "What algorithms/modes are most paying customers asking for ?" > the answers turn out to be: > > 1) NIST FIPS-140 conforming algorithms/modes. > and > 2) Suite-B conforming algorithms/modes. > > Approximately speaking, (2) above is a subset of (1) above. > > The IETF might make some different decision than those, > but equipment vendors will have to implement (1) or (2) > to please most commercial users (e.g. banks, insurance firms, > stock brokerages/markets, top international commercial > firms in other areas). So whether or not these are specified > by IETF on the standards-track, there is interoperability value > in having open specifications (e.g. Informational RFC would > do quite nicely) for (1) and (2) for nearly any Internet-related > protocol using cryptography. > > This seems to be driven externally by insurance firms that tell > their customers to only use equipment whose cryptographic > subsystems/modules have been (or are going to be) evaluated > formally under FIPS-140. > > And I'll note that this are not really driven particularly by US firms. > European, Asia/Pacific, and Latin American firms are making the > exact same requests for FIPS-140 of their equipment vendors. > > Yours, > > Ran > rja@extremenetworks.com > > > > _______________________________________________ > saag mailing list > saag@mit.edu > http://mailman.mit.edu/mailman/listinfo/saag
- [saag] Algorithms/modes requested by users/custom… Randall Atkinson
- Re: [saag] Algorithms/modes requested by users/cu… Paul Hoffman
- Re: [saag] Algorithms/modes requested by users/cu… Randall Atkinson
- Re: [saag] Algorithms/modes requested by users/cu… Stephen Kent
- Re: [saag] Algorithms/modes requested by users/cu… Randall Atkinson
- Re: [saag] Algorithms/modes requested by users/cu… Paul Hoffman
- Re: [saag] Algorithms/modes requested by users/cu… Paul Hoffman
- Re: [saag] Algorithms/modes requested by users/cu… Jack Lloyd
- Re: [saag] Algorithms/modes requested by users/cu… Paul Hoffman
- Re: [saag] Algorithms/modes requested by users/cu… mcgrew
- Re: [saag] Algorithms/modes requested by users/cu… Stephen Kent
- Re: [saag] Algorithms/modes requested by users/cu… Jon Callas
- Re: [saag] Algorithms/modes requested by users/cu… Peter Gutmann
- Re: [saag] Algorithms/modes requested by users/cu… Peter Gutmann
- Re: [saag] Algorithms/modes requested by users/cu… Steven M. Bellovin
- Re: [saag] Algorithms/modes requested by users/cu… Peter Gutmann
- Re: [saag] Algorithms/modes requested by users/cu… Santosh Chokhani
- Re: [saag] Algorithms/modes requested by users/cu… Santosh Chokhani
- Re: [saag] Algorithms/modes requested by users/cu… Randall Atkinson
- Re: [saag] Algorithms/modes requested by users/cu… Santosh Chokhani
- Re: [saag] Algorithms/modes requested by users/cu… Randall Atkinson
- Re: [saag] Algorithms/modes requested by users/cu… Santosh Chokhani
- Re: [saag] Algorithms/modes requested by users/cu… Randall Atkinson
- Re: [saag] Algorithms/modes requested by users/cu… Santosh Chokhani
- Re: [saag] Algorithms/modes requested by users/cu… Jon Callas
- Re: [saag] Algorithms/modes requested by users/cu… Stephen Kent
- Re: [saag] Algorithms/modes requested by users/cu… mcgrew
- Re: [saag] Algorithms/modes requested by users/cu… Vishwas Manral
- Re: [saag] Algorithms/modes requested by users/cu… Peter Gutmann
- Re: [saag] Algorithms/modes requested by users/cu… Santosh Chokhani
- Re: [saag] Algorithms/modes requested by users/cu… Peter Gutmann
- Re: [saag] Algorithms/modes requested by users/cu… Santosh Chokhani
- Re: [saag] Algorithms/modes requested by users/cu… Stephen Kent
- Re: [saag] Algorithms/modes requested by users/cu… Peter Gutmann
- Re: [saag] Algorithms/modes requested by users/cu… Ben Laurie
- Re: [saag] Algorithms/modes requested by users/cu… Santosh Chokhani
- Re: [saag] Algorithms/modes requested by users/cu… Santosh Chokhani