kmip message



Subject: RE: KMIP: RNG Proposals


> DRBG Algorithms and RNG Algorithm Enumeration: I think it makes sense to combine these two enumerations and for us to have a single list of algorithms.

Okay with me so long as draft NIST SP-800-90C NRBG constructions consisting of (NRBG + construction type + DRBG) are supported.

John

-----Original Message-----
From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Robinson, Peter (RSA Engineering)
Sent: Thursday, 12 December 2013 12:59 PM
To: kmip@lists.oasis-open.org
Cc: Carielli, Sandra; Pingel, Stefan; Brown, Jaimee; Furlong, Judith; Griffin, Robert
Subject: [kmip] KMIP: RNG Proposals

I have reviewed the RNG / PRNG proposals and have the following comments and questions.


kmip-rng-base-wd01:

RNG Parameters: Some of the parts of RNG Parameters are optional, depending on the algorithm. We should specify which parts are expected for which algorithm.

Cryptographic Length: This needs to be defined. What is it for which algorithm? Is it the perceived security strength? That is, for HMAC DRBG 128 bit security strength, should this be 128? For EC DRBG using a P256 curve should this be 128 or 256?

DRBG Algorithm: We need to specify exactly which algorithms these are. I assume they are meant to be NIST's SP800-90 algorithms? If so, we should be explicit.

DRBG Algorithms and RNG Algorithm Enumeration: I think it makes sense to combine these two enumerations and for us to have a single list of algorithms.

Recommended Curve: This should be Curve, indicating it is the curve which must be or has been used.


A common PRNG parameter which is not able to be specified in the current proposal is Prediction Resistance. This is the combining of one bit of entropy with each output bit. This can be on or off. This is discussed in detail in NIST's SP800-90a-rev1.


It would be good to be able to indicate what entropy sources have been or will be used to seed a PRNG algorithm. Is it fair to assume that all PRNG instances in a server will be seeded with the same types of entropy sources, and as such could this be the same for all PRNG algorithms?




kmip-rng-query-wd01

If a server implementation supports the specification then it should be able to report which algorithms and parameter options it supports. As such, I don't think "unspecified" makes sense. 


Peter
------------------------------------------------
Peter Robinson - peter.robinson@rsa.com
Senior Engineering Manager
RSA, The Security Division of EMC - http://www.rsa.com/
Level 11, Central Plaza One, 345 Queen Street, Brisbane, Queensland 4000, AUSTRALIA.
Phone: +61 7 3032 5253, Mobile: +61 407 962 150. 
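
What the Prediction Resistance setting raised in the message above changes in practice, shown with a simplified HMAC_DRBG in the style of NIST SP 800-90A. This is an added example, not part of the original message or of any KMIP draft; the class `HmacDrbg`, the helper `predicted_by_state_copy` and the state-disclosure scenario are constructed for illustration.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """HMAC_DRBG with SHA-256, after NIST SP 800-90A section 10.1.2
    (simplified: no reseed counter, additional input or request limits)."""

    def __init__(self, entropy=os.urandom):
        self.entropy = entropy  # callable(n) -> n bytes from the entropy source
        self.K, self.V = b"\x00" * 32, b"\x01" * 32
        self._update(entropy(32) + entropy(16))  # entropy input || nonce

    def _mac(self, data):
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, data=b""):
        self.K = self._mac(self.V + b"\x00" + data)
        self.V = self._mac(self.V)
        if data:
            self.K = self._mac(self.V + b"\x01" + data)
            self.V = self._mac(self.V)

    def generate(self, n, prediction_resistance=False):
        if prediction_resistance:
            # Reseed from the entropy source before producing any output.
            self._update(self.entropy(32))
        out = b""
        while len(out) < n:
            self.V = self._mac(self.V)
            out += self.V
        self._update()
        return out[:n]


def predicted_by_state_copy(prediction_resistance):
    """True if a copy of the internal state (K, V) predicts the next output."""
    drbg = HmacDrbg()
    # The observer holds the state but has no access to the real entropy source.
    observer = HmacDrbg(entropy=lambda n: b"\x00" * n)
    observer.K, observer.V = drbg.K, drbg.V  # constructed state disclosure
    actual = drbg.generate(32, prediction_resistance)
    guess = observer.generate(32, prediction_resistance)
    return guess == actual


if __name__ == "__main__":
    print("predictable, resistance off:", predicted_by_state_copy(False))
    print("predictable, resistance on: ", predicted_by_state_copy(True))
```

With the setting off, output after a state disclosure stays predictable until the next reseed, which is why a client would want the server to report or accept this parameter.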



