OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

kmip message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [kmip] KMIP: RNG Proposals

> >NIST SP 800-90 Dual EC DRBG.
> There are some people who use this algorithm. As such, I don't think
> removing it outright is the correct thing to do.

[<[Bob]>] Peter -- quite right and let me rephrase my suggestion -- it is clear that the next version of SP800-90A will *not* include a definition of Dual EC DRBG.  So my feeling is that however we're structuring the documentation and/or enumeration definitions, we should not be implying that Dual EC DRBG is an SP800-90A approved algorithm.  We should (somehow) let the spec readers know that this algorithm was specified in an 'earlier' SP800-90 document, and is no longer approved/approvable.

Of course this could be done in many ways, and I'm quite loathe to open up any sort of discussion about how to version stuff in enums, but at a minimum, the documentation should be authored to ensure that the reader gets a clear indication that the mechanism in question is no longer a NIST SP800-90A approvable mechanism.

And fully agreed that we are not really in a position to state what is 'secure' and what is 'insecure'.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]