RE: Conformance Section / today's discussion

["Zelechoski, Peter" <pzelechoski@essvote.com>]

To comment on the discussion from today's call around conformance claims:

 

Supports should mean : will process and provide a valid and meaningful response, not just "I don't do that".

 

I would think any conformant system must reply "I can't" to anything it doesn't support.  A system that can't (one that fails or ignores when presented something it doesn't support) shouldn't be able to claim conformance.  A sender must be able to expect a response from a conformant system.

 

 

 

ALSO

algorithm discussion --

I might only support AES 128

A client might REQUIRE AES 256

If I don't handle it I should respond and the client would need to seek a different partner.

A different client might be fine downgrading to AES 128 and would lower its request and continue with the same partner.

Thus the system should be responding to requests but need not support everything to claim conformance.

You can extend this to other algorithms (rather than just key sizes) but the concept is what needs to be contained in the conformance section.

 

Peter M Zelechoski, CISSP, MBA-TM     Vice President International Product Development
Election Systems & Software            pzelechoski@essvote.com      402-970-1242