Re: [saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules

"Paterson, Kenny" <> Sat, 15 August 2015 11:31 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id F3C391B2E55 for <>; Sat, 15 Aug 2015 04:31:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id hht8gi49C7Cs for <>; Sat, 15 Aug 2015 04:31:12 -0700 (PDT)
Received: from ( [IPv6:2a01:111:f400:fe00::649]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9EC741B2E53 for <>; Sat, 15 Aug 2015 04:31:11 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Sat, 15 Aug 2015 11:31:08 +0000
Received: from ([]) by ([]) with mapi id 15.01.0231.021; Sat, 15 Aug 2015 11:31:08 +0000
From: "Paterson, Kenny" <>
To: David Lloyd-Jones <>
Thread-Topic: [saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules
Thread-Index: AQHQ1tZGPR3gW81L/E+kkoHmSC1pRJ4MuYwAgAAynICAAAHtwg==
Date: Sat, 15 Aug 2015 11:31:08 +0000
Message-ID: <>
References: <> <>, <>
In-Reply-To: <>
Accept-Language: en-GB, en-US
Content-Language: en-GB
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-microsoft-exchange-diagnostics: 1; DBXPR03MB383; 5:WSELZAJ0qDEdYRigTMSkHVhqb0wLcxcGBklc9WQVP7/6abAwsBl8VwSdLQj/MlNyOHyg8prHcI/eIKUa1d2fB5ykRgstK5qPVIRw8XqIAYisRsRodPzfJh+6PYLhEd0hugnG2OzgSdhBeNmRsjbuiQ==; 24:JO18FRArd4SLrdbkV23iRmtNXqF7VXdavyVdu/jrjDDvipIgs7dQrcBOAn7hBJ+Fkp52yo6mt+vov+c0LPmeVjc+WqQhp2s+XMrrBnS0koo=; 20:uNXk1VJUd8qatEY0VgKZxow4sVUr+r9tK6xbtFJbdKXXSxL3Shmougqik9Sk60KHihDBAVVCanKdRgDEaNWxeQ==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DBXPR03MB383;
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(8121501041)(5005006)(3002001); SRVR:DBXPR03MB383; BCL:0; PCL:0; RULEID:; SRVR:DBXPR03MB383;
x-forefront-prvs: 06691A4183
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(124975003)(189002)(199003)(24454002)(97736004)(62966003)(106356001)(106116001)(105586002)(68736005)(189998001)(66066001)(64706001)(5002640100001)(122556002)(36756003)(19617315012)(10400500002)(110136002)(5001960100002)(2656002)(92566002)(33656002)(101416001)(82746002)(77096005)(86362001)(102836002)(15975445007)(46102003)(2950100001)(83716003)(87936001)(2900100001)(74482002)(54356999)(76176999)(5001860100001)(50986999)(5001920100001)(19580395003)(40100003)(19580405001)(77156002)(4001540100001)(5001830100001)(81156007)(16236675004)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:DBXPR03MB383;; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
Content-Type: multipart/alternative; boundary="_000_912ED4397FE4469CAB32AC7B2E32BE9Frhulacuk_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Aug 2015 11:31:08.1743 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2efd699a-1922-4e69-b601-108008d28a2e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBXPR03MB383
Archived-At: <>
Cc: "" <>
Subject: Re: [saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 15 Aug 2015 11:31:15 -0000

Err, no. ISO documents are notorious for not being free. In this case, the asking price is 178 Swiss Francs. Not exorbitant but not free either. (Yeah, it's free to read the abstract.)


On 15 Aug 2015, at 12:24, David Lloyd-Jones <<>> wrote:


None of

is behind a paywall.

What is it you have "heard," Stephen, that has given Phil this avalanche of "reason to object"?

I wouldn't be surprised if some of the documentation within those catalogues costs money.  There was a time in the early days of Oracle when the docs for their basic database software cost US$6,000.  I paid US$92 for my IBM equivalent a few years ago, but these are not paywalls.  They are costs of operating docs.

(I suspect that that $6,000 was because Larry knew he was working the American taxpayer over just one time, and in 1983 that was still real money to him: gas for the motorbike, not the jet.)

Is it a question of that sort of thing?

Parenthetically, I notice that the correspondence thread "Information Security" over on Google+ has recently fractured in two, I would guess because the main feed is full of juvenile ranting.


On 15 August 2015 at 04:23, Phil Lello <<>> wrote:
I'm not in the US or trading with US companies, so presumably not affected, but the paywall alone sounds like a reasonable grounds to object to me - it prevents reasonable review by people with no reason to buy the standard, and presumably also creates a smaller pool of suppliers (since it will eliminate those who don't buy the spec). {snipped}
saag mailing list<>