kmip message

Subject: Re: [kmip] KMIP: RNG Proposals

From: Tim Hudson <tjh@cryptsoft.com>
To: "kmip@lists.oasis-open.org" <kmip@lists.oasis-open.org>
Date: Sat, 14 Dec 2013 10:19:18 +1000

On 14/12/2013 9:51 AM, Burns, Robert wrote:
> If we added the following into RNG Parameters that would cover off on what is currently noted in the validation lists:
>     Prediction Resistance Enabled - Boolean
>     Derivation Function Used - Boolean
>
> [<Bob>] I think adding just those two functions is useful.  Observation: Prediction resistance applies to all SP800-90(A) DRBGs, whereas the derivation function is only for cipher based DRBGs.
>
> Also, as an aside, if we are enumerating the various SP800-90(A) DRBG types, I assert we should leave off the Dual_EC DRBGs, if that hasn't already been considered. ;->

I think they should remain with enumeration values specified (like we
have for other enumerations) and perhaps we could include a usage guide
note on the issue if someone can come up with acceptable wording for
such a note.

We haven't made any specific recommendations in terms algorithms to not
use within KMIP to date and remember we do list DES and things like RC2
within the algorithm list - see 9.1.3.2.13 within the KMIP 1.2 committee
specification draft.

Tim.

Follow-Ups:
- RE: [kmip] KMIP: RNG Proposals
  - From: Mike Yoder <myoder@vormetric.com>

References:
- Various RNG proposals
  - From: John Leiseboer <JL@quintessencelabs.com>
- KMIP: RNG Proposals
  - From: "Robinson, Peter (RSA Engineering)" <peter.robinson@rsa.com>
- Re: [kmip] KMIP: RNG Proposals
  - From: Tim Hudson <tjh@cryptsoft.com>
- RE: [kmip] KMIP: RNG Proposals
  - From: "Burns, Robert" <Robert.Burns@thalesesec.com>
- Re: [kmip] KMIP: RNG Proposals
  - From: Tim Hudson <tjh@cryptsoft.com>
- RE: [kmip] KMIP: RNG Proposals
  - From: Tim Hudson <tjh@cryptsoft.com>
- RE: [kmip] KMIP: RNG Proposals
  - From: "Burns, Robert" <Robert.Burns@thalesesec.com>