[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] Proposal: CKM_RSA_PKCS_FIPS_186_4
On Mon, Aug 5, 2013 at 10:29 AM, Michael StJohns <msj@nthpermutation.com> wrote: > > A better way to deal with this is to set the ulMinKeySize parameter of the > CK_MECHANISM_INFO for CKM_RSA_PKCS to 1024 and to note - in the product > guidance - that 1024, 2048 and 3072 are the only valid lengths when you're > in FIPS mode. I agree that a FIPS mode for the product would be a better way to deal with the additional restrictions imposed by FIPS. It is also problematic to encode the exact FIPS 186 revision (_4) in the mechanism name because as others pointed out, FIPS 186 could be updated again in a few years. Wan-Teh Chang
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]