
pkcs11 message



Subject: [pkcs11] Response to your questions on CKM_DSA_FIPS_186_4, CKM_ECDSA_FIPS_186_4, and CKM_RSA_PKCS_FIPS_186_4


Robert Burns (or, Tom),

Note: I use "[QCR_xxx]" to keep track of every question (Q), comment (C), and recommendation (R) internally so that we don't miss any of your QCR(s). You may ignore these.


[QCR_001] CKM_DSA_FIPS_186_4
You recommended:
"I do not believe that the CKM_DSA_FIPS_186_4 is necessary if the document text is updated to reflect compatibility with the latest FIPS 186 standard"

RESPONSE:
We agreed. We will just update the spec, and CKM_DSA_FIPS_186_4 is not needed.



[QCR_002] CKM_DSA_FIPS_186_4
You commented:
"Your recommendation limits the magnitude of 'p' to 1024 bits,
but FIPS 186-3/4 allow 'p' to be 1024, 2048, or 3072; it might also be important to note that the magnitude of 'N' (magnitude of q, x, and k; the length of the input hash) can be 160, 224, or 256; so if we're thinking of having any sort of profile describing FIPS 186 compatibility, we should consider both the magnitude of 'p', as well as 'N'."

RESPONSE:
True, but the document I modified only mentions DSA. If we are doing DSA2 in v2.40, then the FIPS proposal should include these values:

L and N are the bit lengths of p and q
L = 1024, N = 160
L = 2048, N = 224
L = 2048, N = 256
L = 3072, N = 256



[QCR_003] CKM_ECDSA_FIPS_186_4
You commented:
"We should definitely update the documents to account for 186-4. Although, in this recommendation it would appear that this mechanism merely adds the restriction of which curves are supported"

RESPONSE:
We agreed.



[QCR_004] CKM_ECDSA_FIPS_186_4
You asked:
Refer to QCR_003,
"is this best handled this way, or would a "profile" for FIPS 186 be more appropriate? Seems like in this case it would be better to leave the restrictions with each curve and put them in a profile rather than creating a new mechanism.
Thoughts?"

RESPONSE:
We would have to go read what a profile is, but in my opinion, keeping FIPS out of mechanism names is a good thing.
Please point us to a spec for the "profile".



[QCR_005] CKM_X_FIPS_186_4
You commented:
"my original assertion about all these FIPS 186-4 mechanisms; I think that having P11 mechanisms tied to this standard is too restrictive and could be better handled using profiles instead."

RESPONSE:
We agreed if profiles do the trick, then let's use them.
Again, please point us to a spec for the "profile".



[QCR_006] CKM_RSA_PKCS_FIPS_186_4
You asked:
"I am wondering if having a mechanism which is identical to CKM_RSA_PKCS,
but restricts key sizes is an appropriate restriction?"

RESPONSE:
Agreed. A better place for FIPS restrictions would be in key generation. This also applies to DSA and ECDSA.



[QCR_007] CKM_RSA_PKCS_FIPS_186_4
You commented:
"I am not 100% confident that CKM_RSA_PKCS is compatible
with the restrictions put forth in 186-3/4"

RESPONSE:
We see restrictions on how prime numbers and random numbers are generated, and the usual key length restrictions.
Do you see something else?



[QCR_008] CKM_RSA_PKCS_FIPS_186_4
You commented:
"I think the hard problems that 186-3/4 puts forth are in key generation rather than
algorithm usage; so something to think about"

RESPONSE:
Agreed.




--

Best,
Oscar


