[Cscwg-public] [EXTERNAL] Re: Re FIPS tokens supporting RSA 3072

Adriano Santoni adriano.santoni at staff.aruba.it
Thu Mar 18 07:15:27 UTC 2021 

If that is the correct interpretation of the language in CSBR §16.3 
(item 2), than I agree with Tomas. Of course, in this case the scenario 
changes, and we can probably find more devices on the market meeting the 
minimum RSA length requirement.

But that is not the normal interpretation of what a certified hardware 
crypto module means. If the device is based on a Javacard platform, say, 
it needs an applet installed on it to implement and export its crypto 
and key management functionalities; in such a case, the applet design is 
critical for the device to be truly secure, and therefore the applet 
needs be certified as well. This can be seen in plenty certification 
reports in commoncriteriaportal.org. This is how things work in other 
(but similar) contexts wherein a secure signature device is required, 
e.g. in the eIDAS context.

But if the CSCWG agrees, we can decide that it's enough for the device 
to be based on a certified HW and OS. Good or bad, it's a choice that 
the CSCWG can make. But then I think the language in CSBR §16.3 should 
be clarified.

Adriano


Il 18/03/2021 07:51, Tomas Gustavsson via Cscwg-public ha scritto:
>
> Related to certification...
>
> The NitroKey supports RSA 1024-4096:
> https://shop.nitrokey.com/shop/product/nk-hsm-2-nitrokey-hsm-2-7
>
> The complete device is not FIPS or CC certified, but the hardware and 
> operating system is:
> https://www.nitrokey.com/documentation/frequently-asked-questions-faq#is-nitrokey-common-criteria-or-fips-certified 
>
>
> Cheers,
> Tomas
>
> On 2021-03-17 21:42, Ian McMillan via Cscwg-public wrote:
>> Hi Folks,
>>
>> This key size effective date has already been delayed by 6 months. I 
>> am not keen on further delaying the requirement of 3072 keys for RSA 
>> due to a lack of tokens that support the requirement in the CSBRs. As 
>> Bruce calls out, there are other means to which subscribers can 
>> secure their private keys to meet the requirements outside of a token 
>> provided by a CA. If this change in key size is what pushes 
>> subscribers to use HSMs (on-prem or cloud based services) or signing 
>> services, it may serve as the call to action for token suppliers on a 
>> requirement they have frankly seemed to have overlooked for some time 
>> now.
>>
>> I’ll be interested to discuss how much additional time the group 
>> feels is needed here, and how best we can help accelerate the 
>> transition.
>>
>> Thanks,
>>
>> Ian
>>
>> *From:* Cscwg-public <cscwg-public-bounces at cabforum.org> *On Behalf 
>> Of *Adriano Santoni via Cscwg-public
>> *Sent:* Wednesday, March 17, 2021 9:31 AM
>> *To:* Bruce Morton <Bruce.Morton at entrust.com>
>> *Cc:* cscwg-public at cabforum.org
>> *Subject:* Re: [Cscwg-public] [EXTERNAL] Re: Re FIPS tokens 
>> supporting RSA 3072
>>
>> Hi Bruce,
>>
>> I certainly agree that - if the said token is the only device 
>> available on the market meeting the said requirement, as it seems to 
>> be the case -- we should promptly revise the effective date (June 
>> 1st, just three months from now) of the transition to 3072 bits being 
>> mandatory for RSA keys.
>>
>> If nothing else, because it would be a really bad thing to impose a 
>> requirement that involves sourcing devices from a single possible 
>> supplier, thereby favouring a monopoly. I hope everyone agrees on 
>> this principle.
>>
>> Adriano
>>
>> Il 17/03/2021 16:45, Bruce Morton ha scritto:
>>
>>     Hi Adriano,
>>
>>     We should discuss this issue at the next meeting. I do think that
>>     there are options to using the SafeNet token, but that might include
>>     subscriber hosted HSM, public-cloud HSM or Signing Service HSM.
>>
>>     I think we all understand that the options might be hard to
>>     implement before 1 June 2021 deadline.
>>
>>     Bruce.
>>
>>     *From:* Cscwg-public <cscwg-public-bounces at cabforum.org>
>>     <mailto:cscwg-public-bounces at cabforum.org> *On Behalf Of *Adriano
>>     Santoni via Cscwg-public
>>     *Sent:* Wednesday, March 17, 2021 11:18 AM
>>     *To:* cscwg-public at cabforum.org <mailto:cscwg-public at cabforum.org>
>>     *Subject:* [EXTERNAL] Re: [Cscwg-public] Re FIPS tokens supporting
>>     RSA 3072
>>
>>     WARNING: This email originated outside of Entrust.
>>     DO NOT CLICK links or attachments unless you trust the sender and
>>     know the content is safe.
>>
>> ------------------------------------------------------------------------
>>
>>     I should have written "the only CC token", as the FIPS version of
>>     the said token does not support RSA > 2048 bit....
>>
>>     But my question remains (after replacing "FIPS" with "CC").
>>
>>     Adriano
>>
>>     Il 17/03/2021 16:08, Adriano Santoni via Cscwg-public ha scritto:
>>
>>         I already posted this question yesterday, but apparently it did
>>         not get through.
>>
>>         I was asking: is the SafeNet eToken 5110 CC the only FIPS token
>>         supporting RSA 3072 available on the market?
>>
>>         I am investigating this matter myself, and although I am not
>>         finished it seems there aren't many... possibly just one.
>>
>>         If so, it would be a rather unfortunate situation 
>> competition-wise.
>>
>>         Adriano
>>
>>
>>
>>
>>         _______________________________________________
>>
>>         Cscwg-public mailing list
>>
>>         Cscwg-public at cabforum.org <mailto:Cscwg-public at cabforum.org>
>>
>> https://lists.cabforum.org/mailman/listinfo/cscwg-public 
>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fcscwg-public&data=04%7C01%7Cianmcm%40microsoft.com%7Cd99faf2ab770497a6a6908d8e9620f0b%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637515954677826280%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=t9aEK4G0KBJ%2B2bZw6o7IRjLnLMACUJuSIegwRSV0ecc%3D&reserved=0>
>>
>>
>> _______________________________________________
>> Cscwg-public mailing list
>> Cscwg-public at cabforum.org
>> https://lists.cabforum.org/mailman/listinfo/cscwg-public
>>
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210318/d2f409a2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4557 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210318/d2f409a2/attachment-0001.p7s>

More information about the Cscwg-public mailing list