[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] Proposal: CKM_RSA_PKCS_FIPS_186_4
Thanks Wan-Teh. Do you recommend using CKM_RSA_PKCS_FIPS_186 or, CKM_RSA_PKCS_FIPS ? Best, Oscar On 08/ 5/13 10:43 AM, Wan-Teh Chang wrote:
On Mon, Aug 5, 2013 at 10:29 AM, Michael StJohns<msj@nthpermutation.com> wrote:A better way to deal with this is to set the ulMinKeySize parameter of the CK_MECHANISM_INFO for CKM_RSA_PKCS to 1024 and to note - in the product guidance - that 1024, 2048 and 3072 are the only valid lengths when you're in FIPS mode.I agree that a FIPS mode for the product would be a better way to deal with the additional restrictions imposed by FIPS. It is also problematic to encode the exact FIPS 186 revision (_4) in the mechanism name because as others pointed out, FIPS 186 could be updated again in a few years. Wan-Teh Chang --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
-- Best, Oscar
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]