[Cscwg-public] [EXTERNAL] Re: Re FIPS tokens supporting RSA 3072

Adriano Santoni adriano.santoni at staff.aruba.it
Wed Mar 17 16:30:35 UTC 2021 

Hi Bruce,

I certainly agree that - if the said token is the only device available 
on the market meeting the said requirement, as it seems to be the case 
-- we should promptly revise the effective date (June 1st, just three 
months from now) of the transition to 3072 bits being mandatory for RSA 
keys.

If nothing else, because it would be a really bad thing to impose a 
requirement that involves sourcing devices from a single possible 
supplier, thereby favouring a monopoly. I hope everyone agrees on this 
principle.

Adriano


Il 17/03/2021 16:45, Bruce Morton ha scritto:
>
> Hi Adriano,
>
> We should discuss this issue at the next meeting. I do think that 
> there are options to using the SafeNet token, but that might include 
> subscriber hosted HSM, public-cloud HSM or Signing Service HSM.
>
> I think we all understand that the options might be hard to implement 
> before 1 June 2021 deadline.
>
> Bruce.
>
> *From:* Cscwg-public <cscwg-public-bounces at cabforum.org> *On Behalf Of 
> *Adriano Santoni via Cscwg-public
> *Sent:* Wednesday, March 17, 2021 11:18 AM
> *To:* cscwg-public at cabforum.org
> *Subject:* [EXTERNAL] Re: [Cscwg-public] Re FIPS tokens supporting RSA 
> 3072
>
> WARNING: This email originated outside of Entrust.
> DO NOT CLICK links or attachments unless you trust the sender and know 
> the content is safe.
>
> ------------------------------------------------------------------------
>
> I should have written "the only CC token", as the FIPS version of the 
> said token does not support RSA > 2048 bit....
>
> But my question remains (after replacing "FIPS" with "CC").
>
> Adriano
>
> Il 17/03/2021 16:08, Adriano Santoni via Cscwg-public ha scritto:
>
>     I already posted this question yesterday, but apparently it did
>     not get through.
>
>     I was asking: is the SafeNet eToken 5110 CC the only FIPS token
>     supporting RSA 3072 available on the market?
>
>     I am investigating this matter myself, and although I am not
>     finished it seems there aren't many... possibly just one.
>
>     If so, it would be a rather unfortunate situation competition-wise.
>
>     Adriano
>
>
>
>     _______________________________________________
>
>     Cscwg-public mailing list
>
>     Cscwg-public at cabforum.org  <mailto:Cscwg-public at cabforum.org>
>
>     https://lists.cabforum.org/mailman/listinfo/cscwg-public  <https://lists.cabforum.org/mailman/listinfo/cscwg-public>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210317/3a25eb0a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4557 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210317/3a25eb0a/attachment-0001.p7s>

More information about the Cscwg-public mailing list