Subject: [pkcs11] Response to your questions on CKM_DSA_FIPS_186_4, CKM_ECDSA_FIPS_186_4, and CKM_RSA_PKCS_FIPS_186_4
Robert Burns (or, Tom),

Note: I use "[QCR_xxx]" to keep track of every question (Q), comment (C), and recommendation (R) internally so that we don't miss any of your QCR(s). You may ignore these.

[QCR_001] CKM_DSA_FIPS_186_4
You recommended: "I do not believe that the CKM_DSA_FIPS_186_4 is necessary if the document text is updated to reflect compatibility with the latest FIPS 186 standard"

RESPONSE: We agreed. We will just update the spec, and CKM_DSA_FIPS_186_4 is not needed.

[QCR_002] CKM_DSA_FIPS_186_4
You commented: "Your recommendation limits the magnitude of 'p' to 1024 bits, but FIPS 186-3/4 allow 'p' to be 1024, 2048, or 3072; it might also be important to note that the magnitude of 'N' (magnitude of q, x, and k; the length of the input hash) can be 160, 224, or 256; so if we're thinking of having any sort of profile describing FIPS 186 compatibility, we should consider both the magnitude of 'p', as well as 'N'."

RESPONSE: True, but the document I modified only mentions DSA. If we are doing DSA2 in v2.40, then the FIPS proposal should include these values:

L and N are the bit lengths of p and q
    L = 1024, N = 160
    L = 2048, N = 224
    L = 2048, N = 256
    L = 3072, N = 256

[QCR_003] CKM_ECDSA_FIPS_186_4
You commented: "We should definitely update the documents to account for 186-4. Although, in this recommendation it would appear that this mechanism merely adds the restriction of which curves are supported"

RESPONSE: We agreed.

[QCR_004] CKM_ECDSA_FIPS_186_4
You asked: Refer to QCR_003, "is this best handled this way, or would a "profile" for FIPS 186 be more appropriate? Seems like in this case it would be better to leave the restrictions with each curve and put them in a profile rather than creating a new mechanism. Thoughts?"

RESPONSE: We would have to go read what a profile is, but in my opinion, keeping FIPS out of mechanism names is a good thing. Please point us to a spec for the "profile".

[QCR_005] CKM_X_FIPS_186_4
You commented: "my original assertion about all these FIPS 186-4 mechanisms; I think that having P11 mechanisms tied to this standard is too restrictive and could be better handled using profiles instead."

RESPONSE: We agreed if profiles do the trick, then let's use them. Again, please point us to a spec for the "profile".

[QCR_006] CKM_RSA_PKCS_FIPS_186_4
You asked: "I am wondering if having a mechanism which is identical to CKM_RSA_PKCS, but restricts key sizes is an appropriate restriction?"

RESPONSE: Agreed. A better place for FIPS restrictions would be in key generation. This also applies to DSA and ECDSA.

[QCR_007] CKM_RSA_PKCS_FIPS_186_4
You commented: "I am not 100% confident that CKM_RSA_PKCS is compatible with the restrictions put forth in 186-3/4"

RESPONSE: We see restrictions on how prime numbers and random numbers are generated, and the usual key length restrictions. Do you see something else?

[QCR_008] CKM_RSA_PKCS_FIPS_186_4
You commented: "I think the hard problems that 186-3/4 puts forth is in key generation rather than algorithm usage; so something to think about"

RESPONSE: Agreed.

--
Best,
Oscar