

Subject: Re: [pkcs11] Validation constants in KMIP


On Wed, Apr 20, 2022 at 8:17 AM Robert Relyea <rrelyea@redhat.com> wrote:
On 4/19/22 2:53 PM, Tim Hudson wrote:
KMIP details below.

Thanks Type. Validation type is different than I thought. I thought it would indicate FIPS-140 versus some other NIST validation. So what would be the values for FIPS-140-2 level 1, and FIPS-140-3 level 2?

bob


Authority Type is the program authority - which is the specific program that is providing validations.
We expect to add other programs on request - i.e. define additional enumerations.
Like PKCS#11, KMIP also has extension encoding options for vendor-specific/private enumeration values.

FIPS 140-2 level 1

   <ValidationInformation>
    <ValidationAuthorityType type="Enumeration" value="NISTCMVP"/>
    <ValidationAuthorityCountry type="TextString" value="US"/>
    <ValidationAuthorityURI type="TextString" value="http://csrc.nist.gov/groups/STM/cmvp/"/>
    <ValidationVersionMajor type="Integer" value="2"/>
    <ValidationType type="Enumeration" value="Software"/>
    <ValidationLevel type="Integer" value="1"/>
    <ValidationCertificateIdentifier type="TextString" value="1747"/>
    <ValidationCertificateURI type="TextString" value="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1747"/>
   </ValidationInformation>

FIPS 140-3 level 2

   <ValidationInformation>
    <ValidationAuthorityType type="Enumeration" value="NISTCMVP"/>
    <ValidationAuthorityCountry type="TextString" value="US"/>
    <ValidationAuthorityURI type="TextString" value="http://csrc.nist.gov/groups/STM/cmvp/"/>
    <ValidationVersionMajor type="Integer" value="3"/>
    <ValidationType type="Enumeration" value="Software"/>
    <ValidationLevel type="Integer" value="2"/>
    <ValidationCertificateIdentifier type="TextString" value="1747"/>
    <ValidationCertificateURI type="TextString" value="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1747"/>
   </ValidationInformation>

Note that NIST has changed its URLs since those examples were written.

https://csrc.nist.gov/projects/cryptographic-module-validation-program/
and
https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1747

Would be the "current" links and the previous links do redirect (although the certificate based redirect only redirects to the main module search page).

Tim.
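
An added example, not part of the original message or of any KMIP or PKCS#11 specification: a Python sketch that reads a ValidationInformation structure like the two above, checks each field's declared type, and shows that the program, the standard version and the level are carried in separate fields. Treating these five fields as required, the `label()` wording and the `meets_policy` rule are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
# Element name -> "type" attribute it carries in the instances above.
FIELDS = {
    "ValidationAuthorityType": "Enumeration",
    "ValidationVersionMajor": "Integer",
    "ValidationType": "Enumeration",
    "ValidationLevel": "Integer",
    "ValidationCertificateIdentifier": "TextString",
}

@dataclass(frozen=True)
class Validation:
    authority: str
    version_major: int
    kind: str
    level: int
    certificate: str

    def label(self) -> str:
        # Assumed display convention: NISTCMVP + major N reads as "FIPS 140-N".
        scheme = f"FIPS 140-{self.version_major}" if self.authority == "NISTCMVP" else self.authority
        return f"{scheme} level {self.level}"

def parse_validation(xml_text: str) -> Validation:
    root = ET.fromstring(xml_text)
    if root.tag != "ValidationInformation":
        raise ValueError(f"unexpected root element {root.tag!r}")
    out = []
    for name, want in FIELDS.items():
        node = root.find(name)
        if node is None or node.get("type") != want or node.get("value") is None:
            raise ValueError(f"{name}: missing, or type is not {want}")
        out.append(int(node.get("value")) if want == "Integer" else node.get("value"))
    return Validation(*out)

def meets_policy(v: Validation, authority: str, min_major: int, min_level: int) -> bool:
    # Hypothetical acceptance rule: same program, at least this standard version and level.
    return v.authority == authority and v.version_major >= min_major and v.level >= min_level

def sample(major: int, level: int) -> str:
    # Rebuilt from the instances in the message above; only major and level vary.
    return f"""<ValidationInformation>
  <ValidationAuthorityType type="Enumeration" value="NISTCMVP"/>
  <ValidationVersionMajor type="Integer" value="{major}"/>
  <ValidationType type="Enumeration" value="Software"/>
  <ValidationLevel type="Integer" value="{level}"/>
  <ValidationCertificateIdentifier type="TextString" value="1747"/>
</ValidationInformation>"""
```

`parse_validation(sample(2, 1)).label()` gives `FIPS 140-2 level 1`, and a field whose `type` attribute does not match the expected encoding is rejected with `ValueError` rather than coerced.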


