Subject: Fwd: Re: [pkcs11] Validation constants in KMIP
Subject: Re: [pkcs11] Validation constants in KMIP
Date: Wed, 20 Apr 2022 09:06:49 -0700
From: Robert Relyea <rrelyea@redhat.com>
To: Tim Hudson <tjh@cryptsoft.com>
On Wed, Apr 20, 2022 at 8:17 AM Robert Relyea <rrelyea@redhat.com> wrote:
On 4/19/22 2:53 PM, Tim Hudson wrote:
KMIP details below.
Thanks Type. Validation type is different than I thought. I thought it would indicate FIPS-140 versus some other NIST validation. So what would be the values for FIPS-140-2 level 1, and FIPS-140-3 level 2?
bob
Authority Type is the program authority - which is the specific program that is providing validations. We expect to add other programs on request - i.e. define additional enumerations. Like PKCS#11, KMIP also has extension encoding options for vendor-specific/private enumeration values.
So NIST CMVP == FIPS 140. NIST also has validations, but those are covered under CMVP or are portions that become part of the FIPS-140 validation (algorithms validations, rng validations etc.).
I'm OK with that, but it means we can't mark a rng validation outside of a full FIPS validation.
bob
FIPS 140-2 level 1
   <ValidationInformation>
    <ValidationAuthorityType type="Enumeration" value="NISTCMVP"/>
    <ValidationAuthorityCountry type="TextString" value="US"/>
    <ValidationAuthorityURI type="TextString" value="http://csrc.nist.gov/groups/STM/cmvp/"/>
    <ValidationVersionMajor type="Integer" value="2"/>
    <ValidationType type="Enumeration" value="Software"/>
    <ValidationLevel type="Integer" value="1"/>
    <ValidationCertificateIdentifier type="TextString" value="1747"/>
    <ValidationCertificateURI type="TextString" value="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1747"/>
   </ValidationInformation>
FIPS 140-3 level 2
   <ValidationInformation>
    <ValidationAuthorityType type="Enumeration" value="NISTCMVP"/>
    <ValidationAuthorityCountry type="TextString" value="US"/>
    <ValidationAuthorityURI type="TextString" value="http://csrc.nist.gov/groups/STM/cmvp/"/>
    <ValidationVersionMajor type="Integer" value="3"/>
    <ValidationType type="Enumeration" value="Software"/>
    <ValidationLevel type="Integer" value="2"/>
    <ValidationCertificateIdentifier type="TextString" value="1747"/>
    <ValidationCertificateURI type="TextString" value="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1747"/>
   </ValidationInformation>
Note that NIST has changed its URLs since those examples were written.
Thanks, I'll probably include these examples as samples inside the documentation. FIPS is a big enough case to feature an example.
bob
and
Would be the "current" links and the previous links do redirect (although the certificate based redirect only redirects to the main module search page).
Tim.
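
An added example, not part of the original messages or of the KMIP or PKCS#11 specifications: it reads a ValidationInformation structure in the XML form quoted in the thread, checks the `type` attribute of each field, and derives the "FIPS 140-N level M" label from ValidationAuthorityType, ValidationVersionMajor and ValidationLevel. The function names and the minimum-level policy check are hypothetical, and the sample input is constructed from the thread's FIPS 140-3 level 2 example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the FIPS 140-3 level 2 structure in the thread.
SAMPLE = """<ValidationInformation>
  <ValidationAuthorityType type="Enumeration" value="NISTCMVP"/>
  <ValidationAuthorityCountry type="TextString" value="US"/>
  <ValidationVersionMajor type="Integer" value="3"/>
  <ValidationType type="Enumeration" value="Software"/>
  <ValidationLevel type="Integer" value="2"/>
</ValidationInformation>"""

# KMIP XML "type" attribute expected for each field this example reads.
FIELDS = {
    "ValidationAuthorityType": "Enumeration",
    "ValidationVersionMajor": "Integer",
    "ValidationType": "Enumeration",
    "ValidationLevel": "Integer",
}


def parse_validation(xml_text):
    """Return the fields in FIELDS as a dict; reject missing or mistyped ones."""
    root = ET.fromstring(xml_text)
    if root.tag != "ValidationInformation":
        raise ValueError("unexpected root element: " + root.tag)
    out = {}
    for name, kmip_type in FIELDS.items():
        elem = root.find(name)
        if elem is None or elem.get("value") is None:
            raise ValueError("missing " + name)
        if elem.get("type") != kmip_type:
            raise ValueError(name + " must have type " + kmip_type)
        value = elem.get("value")
        out[name] = int(value) if kmip_type == "Integer" else value
    return out


def fips_label(info):
    """'FIPS 140-<major> level <n>' for NISTCMVP records, None for other authorities."""
    if info["ValidationAuthorityType"] != "NISTCMVP":
        return None
    return "FIPS 140-{} level {}".format(info["ValidationVersionMajor"], info["ValidationLevel"])


def meets_policy(info, min_major, min_level):
    """Hypothetical local policy: NISTCMVP with at least this version and level."""
    return (info["ValidationAuthorityType"] == "NISTCMVP"
            and info["ValidationVersionMajor"] >= min_major
            and info["ValidationLevel"] >= min_level)
```
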