[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Next Standard Version Number
Hi folks - Thank you for the great face-to-face meeting! Hope you all had a great RSA! One issue that came up at our face-to=face: what should our next version be? Background: * We have never added a new function to a minor rev of the standard. That is, the last time we added any functions was when we went from 1.x to 2.01. * We need new functions to address several current issues, most importantly the new "Implementation Guidance" from NIST wrt AES GCM IV generation. We had originally decided to go with 2.41 as a quick update to add SHA3. NOw the lists of algorithms we're adding has grown, and so has the required functionality. We are definitely out of "2.41" territory. The question I am hoping to resolve in our next meeting is: should we go to 3.0? NOTE: there were lots of ideas for 3.0 that were quite drastic, those would likely be pushed to 4.0. But, the items on the table now (see the minutes from the face-to-face) seem too big to push as 2.50, even, especially given the new functions. Bob's current proposals would mean 3.00 could be backwards compatible to 2.40, with the function lists (note the plural). I hope to have a voice vote on this in our next meeting, but we can take it to a ballot if needed. Mostly, we are worried about folks adopting such a leap. On the other hand, if we don't address AES GCM IV generation, we are in trouble in other ways. We can all discuss on here, too :) Thanks and talk to you soon! Valerie -- Valerie Fenwick, http://bubbva.blogspot.com/ @bubbva Solaris Cryptographic & Key Management Technologies, Manager Oracle Corporation: 4180 Network Circle, Santa Clara, CA, 95054.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]