Re: [saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 18 August 2015 14:31 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5856E1A8866 for <saag@ietfa.amsl.com>; Tue, 18 Aug 2015 07:31:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xBV8yc5XYB2L for <saag@ietfa.amsl.com>; Tue, 18 Aug 2015 07:31:16 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5BFBB1A885B for <saag@ietf.org>; Tue, 18 Aug 2015 07:31:16 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 2D919BE58; Tue, 18 Aug 2015 15:31:15 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fkt81PBZQX4e; Tue, 18 Aug 2015 15:31:15 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 00E11BE5D; Tue, 18 Aug 2015 15:31:14 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1439908275; bh=n2tMueiDRCiDs5NYk4fAh4eVLxoFjEIjSzQahTpjpE8=; h=Date:From:To:CC:Subject:References:In-Reply-To:From; b=Mfa8S6cUghISzrYsM4+MDoQykq/CvBr5ic5ViqTvICX1e/9GKJNnMlcYtGfkd7erc bbxoVzhQyDPECx+YRdZhvv2RTIMGDQlFFej1Y5xhscqLAfngyVBXfUMEwMJFdOrGf4 SwihMU87YVXSwmOb6Q2jIojFdUoyM4mTLoTiItf0=
Message-ID: <55D341B2.6010109@cs.tcd.ie>
Date: Tue, 18 Aug 2015 15:31:14 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: Richard Barnes <rlb@ipv.sx>, Phil Lello <phil@dunlop-lello.uk>
References: <55CE5A40.3090804@cs.tcd.ie> <CAPofZaGT__FmChCWNf=iMsyD4s7c1SpUus2Lm_6ubhA3ayfGqA@mail.gmail.com> <CAG-id0ZYG946xZQrsfrMqyQunLpg=ZeGGP8BcQRVtFE0s7b3DQ@mail.gmail.com> <55CF35B2.9020302@cs.tcd.ie> <CACz1E9rg8ZtHLCpZ8utBF67PTOiDKWTDGvepqL0SXL_0WR0=+g@mail.gmail.com> <97152.1439858222@eng-mail01.juniper.net> <CAPofZaGf4U_7hccU-nMQ9QEuFnbJWa8Pemmzs=hxTec3vtH7rA@mail.gmail.com> <CAL02cgTgFcjqtsqroy2LaLjNu8Ezzf_uSxXo3Po-3KfhdrHq=w@mail.gmail.com>
In-Reply-To: <CAL02cgTgFcjqtsqroy2LaLjNu8Ezzf_uSxXo3Po-3KfhdrHq=w@mail.gmail.com>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/gdhEBVblOXQ7qEVLDpsPfnbHoNY>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Aug 2015 14:31:18 -0000
On 18/08/15 14:47, Richard Barnes wrote: > On Tue, Aug 18, 2015 at 5:33 AM, Phil Lello <phil@dunlop-lello.uk> wrote: >> I'd just like to clarify that my objection to the paywall isn't about paying >> for the standard per-se, as it would be reasonable to pay a fee as an >> implementor (much like paying to access C++ standards to write a compiler). >> The objection is specifically about needing to pay to access the standard as >> part of a review process, as the fee is a barrier to broad evaluation. > > Well, then let me explicitly disagree with this position. The > standards that run the Internet need to be widely implemented, and > that means the specs need to be widely available. As Russ observed, > the current FIPS standards are freely available, so moving to a > paywalled standard would be a major step backwards. And a step > backwards for, AFAICT, no benefit. One of the reasons I asked if someone was willing to take a 1st cut at drafting some text is that, since I am not going to be reading the document behind the paywall, I have no clue if Richard is correct when he says "for, AFAICT, no benefit." (Since I've not read the thing;-) If an IETF/IAB/IESG/whatever response really ought also say something about the technical content, as well as the open-ness aspect of the process, then I at least will be depending on folks who have peeked behind that particular curtain to see what the wizard looks like. Or if none of us do, then I guess we could say that:-) Cheers, S. > > I would also observe that "free for review, pay for implementation" is > not really a realistic position. If anyone can download the spec for > review, then it will be out there on the Internet after it's > finalized. Much like the C++ spec, in fact (see the links in > https://en.wikipedia.org/wiki/C%2B%2B) And in practice that just > means that everyone will use the free "almost final" version, not the > paywalled "final" version. > > --Richard > > >> >> Phil >> >> On Tue, Aug 18, 2015 at 1:37 AM, Mark D. Baushke <mdb@juniper.net> wrote: >>> >>> It may be worth noting that NIST actually put the wrong edition of the >>> ISO/IEC standard in the Federal Register article... They intended to put >>> 19790:2012 instead. >>> >>> See also >>> >>> http://csrc.nist.gov/groups/STM/cmvp/notices.html >>> >>> -- Mark >>> >>> _______________________________________________ >>> saag mailing list >>> saag@ietf.org >>> https://www.ietf.org/mailman/listinfo/saag >> >> >> >> _______________________________________________ >> saag mailing list >> saag@ietf.org >> https://www.ietf.org/mailman/listinfo/saag >> > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag > >
- [saag] NIST requests comments on using ISO/IEC 19… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… Phil Lello
- Re: [saag] NIST requests comments on using ISO/IE… David Lloyd-Jones
- Re: [saag] NIST requests comments on using ISO/IE… Paterson, Kenny
- Re: [saag] NIST requests comments on using ISO/IE… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… William Whyte
- Re: [saag] NIST requests comments on using ISO/IE… Michael Richardson
- Re: [saag] NIST requests comments on using ISO/IE… Russ Housley
- Re: [saag] NIST requests comments on using ISO/IE… Richard Barnes
- Re: [saag] NIST requests comments on using ISO/IE… Russ Housley
- Re: [saag] NIST requests comments on using ISO/IE… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… Mark D. Baushke
- Re: [saag] NIST requests comments on using ISO/IE… Phil Lello
- Re: [saag] NIST requests comments on using ISO/IE… Richard Barnes
- Re: [saag] NIST requests comments on using ISO/IE… Michael Richardson
- Re: [saag] NIST requests comments on using ISO/IE… Michael Richardson
- Re: [saag] NIST requests comments on using ISO/IE… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… Stephen Farrell
- Re: [saag] NIST requests comments on using ISO/IE… Jeffrey Walton