
Re: [saag] Algorithms/modes requested by users/customers



Hi Ran,

Winston Churchill said that democracy is the worst form of government,
except for all of the others.  I think that the same is true for the
FIPS-140 cryptomodule validation process ;-)

I agree with you that there is good value in having open specs for FIPS-140
and Suite-B versions of Internet protocols (even though I also agree with
many of the criticisms of the validation process made on this thread).   I
expect that the choice of which algorithm(s) should be
mandatory-to-implement will continue to be made on the basis of technical
(well, mostly technical) discussions in the WGs.

Best,

David


On 2/16/08 3:42 PM, "Randall Atkinson" <rja at extremenetworks.com> wrote:

> Earlier, someone said:
> % I think it would help enormously if we had some sort of
> % cross IETF statement of the set of algorithms that are
> % currently the consensus recommendations for support.
> 
> I will answer a slightly different question.  For the question:
>      "What algorithms/modes are most paying customers asking for?"
> the answers turn out to be:
> 
> 1) NIST FIPS-140 conforming algorithms/modes.
> and
> 2) Suite-B conforming algorithms/modes.
> 
> Approximately speaking, (2) above is a subset of (1) above.
> 
> The IETF might make some different decision than those,
> but equipment vendors will have to implement (1) or (2)
> to please most commercial users (e.g. banks, insurance firms,
> stock brokerages/markets, top international commercial
> firms in other areas).  So whether or not these are specified
> by IETF on the standards-track, there is interoperability value
> in having open specifications (e.g. Informational RFC would
> do quite nicely) for (1) and (2) for nearly any Internet-related
> protocol using cryptography.
> 
> This seems to be driven externally by insurance firms that tell
> their customers to only use equipment whose cryptographic
> subsystems/modules have been (or are going to be) evaluated
> formally under FIPS-140.
> 
> And I'll note that this is not really driven particularly by US firms.
> European, Asia/Pacific, and Latin American firms are making the
> exact same requests for FIPS-140 of their equipment vendors.
> 
> Yours,
> 
> Ran
> rja at extremenetworks.com
> 



Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.