OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [pkcs11] Review before next meeting




On 06/02/16 14:42, Graham Steel wrote:
Options include: make the IVs for this wrap mechanism token-generated
(probably a good idea anyway for NIST compliance), add a mode with
automatic deterministic nonce calculation like SIV (designed for
key-wrap), use an AEAD mode so that attributes are treated as public data.

A token generated IV makes sense, since as you point out due to the NIST requirements for FIPS 140-2 that might be a requirement for many vendors anyway (if PKCS#11 is the FIPS 140 crypto boundary rather than some higher level part of the product).

--
Darren J Moffat


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]