[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [kmip] KMIP: RNG Proposals
> > >NIST SP 800-90 Dual EC DRBG. > There are some people who use this algorithm. As such, I don't think > removing it outright is the correct thing to do. [<[Bob]>] Peter -- quite right and let me rephrase my suggestion -- it is clear that the next version of SP800-90A will *not* include a definition of Dual EC DRBG. So my feeling is that however we're structuring the documentation and/or enumeration definitions, we should not be implying that Dual EC DRBG is an SP800-90A approved algorithm. We should (somehow) let the spec readers know that this algorithm was specified in an 'earlier' SP800-90 document, and is no longer approved/approvable. Of course this could be done in many ways, and I'm quite loathe to open up any sort of discussion about how to version stuff in enums, but at a minimum, the documentation should be authored to ensure that the reader gets a clear indication that the mechanism in question is no longer a NIST SP800-90A approvable mechanism. And fully agreed that we are not really in a position to state what is 'secure' and what is 'insecure'. Thanks, Bob
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]