<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>All,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I spoke briefly with Tim Polk of NIST who is speaking during the IETF Security Area Open Meeting beginning in about 30 minutes. I said that there is genuine concern about the NIST Suite B curves. He said that while he is focusing on the procedural steps, I or anyone else could publicly express their concerns about NIST Suite B during the open-mike portion of the session.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Ben<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> Ben Wilson [mailto:ben@digicert.com] <br><b>Sent:</b> Wednesday, November 06, 2013 2:01 PM<br><b>To:</b> 'public@cabforum.org'<br><b>Subject:</b> RE: [cabfpub] Teleconference Agenda<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>FWIW - Today at IETF Bruce Schneier reiterated that math and science are sound foundations to build upon. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>If anyone is interested, here is a link to an RSA Europe Presentation on Random Number Generation - <a href="http://www.rsaconference.com/writable/presentations/file_upload/ads-r08-entropy_-random-numbers-and-keys-whats-good-enough.pdf">http://www.rsaconference.com/writable/presentations/file_upload/ads-r08-entropy_-random-numbers-and-keys-whats-good-enough.pdf</a> and a link to NIST 800-90a review that has also been mentioned – <a href="http://csrc.nist.gov/publications/nistbul/itlbul2013_09_supplemental.pdf">http://<span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>csrc.nist.gov/publications/nistbul/itlbul2013_09_supplemental.pdf</span></a></span><cite>. <o:p></o:p></cite></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>So, the discussion in this area tomorrow might focus on areas where we can do something as a CAB Forum to improve end user security (get the biggest ROI for our efforts).<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>On the first item, private key possession by CAs. We ought to address secure private key generation by CAs, secure delivery to subscribers, and secure deletion of subscriber private keys from CA systems. We ought to look what we already have written and then to policies that others have written as guidance for improvements to CABF policy.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> <a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Erwann Abalea<br><b>Sent:</b> Wednesday, November 06, 2013 8:10 AM<br><b>To:</b> <a href="mailto:public@cabforum.org">public@cabforum.org</a><br><b>Subject:</b> Re: [cabfpub] Teleconference Agenda<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Le 06/11/2013 14:59, Håvard Molland a écrit :<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>On 11/05/2013 10:16 PM, Ben Wilson wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Besides reviewing working group status, new web site, and draft bylaws, which I'll send out soon, what other hot topics should we add to Thursday's discussion? Remember, it will be an hour earlier for most of you.<o:p></o:p></p></blockquote><p class=MsoNormal><br>I would like that we discuss that some CAs generate the site certificate's private key for their customers. It is my opinion that this breaks the trust model and, especially in the light of recent events, I believe this is a bad practice. <o:p></o:p></p></blockquote><p class=MsoNormal style='margin-bottom:12.0pt'><br>In the light of older published results (weak Debian keys, lack of entropy on some devices as explained in the "Mining your P's and Q's" and subsequent papers), it can also be seen as a good practice. We at Keynectis don't do that, but I can accept the positive arguments for such practices.<br><br><o:p></o:p></p><p class=MsoNormal>We could also discuss elliptic curves and recent worries that certain curve constants might have been manipulated: <a href="http://slashdot.org/submission/2947823/are-the-nist-standard-elliptic-curves-back-doored">http://slashdot.org/submission/2947823/are-the-nist-standard-elliptic-curves-back-doored</a><o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><br>Please distinguish the Dual_EC_DRBG and NIST curves concerns. Dual_EC_DRBG has certainly been weakened, while there's still some doubts regarding NIST curves. Maybe it's time to allow for other curves, Brainpool ones come to mind (RFC5639).<o:p></o:p></p></div></body></html>