Subject: AES GCM IV FIPS-140 new IG
hi all - Could this subject have any more acronyms? :-)

This is the item I have been bringing up in our meetings, about the IG that was rumoured to be "coming soon". The new IG has been posted: http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf

Specifically: A.5 Key/IV Pair Uniqueness Requirements from SP 800-38D - Allow IPSec- and TLS 1.2-style of IV generation for AES-GCM cipher suites. Which goes into effect immediately, as NIST believes this is more permissive than previous guidance.

As currently in PKCS#11, we accept the IV as input, how do we enforce this?

For many of your modules, they may be "standalone" with the thing generating the IV and the PKCS#11 module being in the same "cryptographic module" (from a FIPS-140 perspective), and this will be easier to solve for those situations as you control everything. But, for those of us that are providing cryptographic services to a variety of consumers - consumers who are all currently generating their own IV - how should we address this in PKCS#11?

Can this be addressed with 2.40? (I don't think so, but would be happy to be proved wrong)

Thanks!

Valerie

--
Valerie Fenwick, http://bubbva.blogspot.com/ @bubbva
Solaris Cryptographic & Key Management Technologies, Manager
Oracle Corporation: 4180 Network Circle, Santa Clara, CA, 95054.