[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: FIPS-180-3 and PKCS #11.
I'd like to propose we collect all the feedback we are getting from out labs, and even if we need to do a one off vendor specific thing, we collect that in a wiki and make FIPS-180-3 a focus of PKCS #11 v3.2. We would collect the requirements now so we can build proposed solutions in the 3.2 (or 3.3 ) time frame.
The requirement I tripped across was the requirement to programmatically indicate which functions and modes are fips validated. This has been traditionally handled in the Security Policy. Exactly what is needed isn't yet known, but I can envision a function that returns a MechanismInfo that applies to the algorithm as it was validated (maybe restricted key sizes, or restricted flags (AES_GCM, for instance may only have the CKF_MESSAGE_DECRYPT flag and not the CKF_DECRYPT flag)).
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]