[cabfpub] Updated Agenda for F2F Meeting 33

Erwann Abalea erwann.abalea at opentrust.com
Mon Sep 15 15:56:11 UTC 2014

On 15/09/2014 17:08, Håvard Molland wrote:
> On 15. sep. 2014 15:51, Erwann Abalea wrote:
>> On 15/09/2014 13:16, Håvard Molland wrote:
>>> On 15. sep. 2014 11:15, Erwann Abalea wrote:
>>>> [SM2/SM3 adoption]
>>> Any new algorithm should offer improvements on the existing 
>>> algorithms, such as improved security, new security features or 
>>> speed. I'm not sure we should add new algorithms simply for the sake 
>>> of being alternatives.
>> I agree, that's what SHOULD drive the inclusion of algorithms or 
>> parameters. Based on that, the CABF SHOULD NOT discuss approval 
>> of these new things (not yet) 
>> Others MAY think differently, such as Russia, where GOST-approved 
>> algorithms are mandatory
> You mean it's mandatory for servers to offer GOST? Surely they can't 
> demand browser support?

I mean it's mandatory for everyone to do GOST-* stuff. DNSSEC, TLS, ... 
You can think it's stupid (I do).
Support for DNSSEC is present in RFC5933, support for TLS is drafted in 
draft-chudov-cryptopro-cptls-04. There was some work on NSS, I think 
OpenSSL works (with the GOST engine?), I don't know if Opera/Apple/MS 
support this.
Mandatory is weak here; the .ru zone isn't GOST-* signed, I can't find a 
GOST-* signed certificate, everyone seems to be happy with the current 

>> . And we DO see GOST-approved hash algorithms used in OCSP requests 
>> (to produce the issuerNameHash and issuerKeyHash). Now.
>> What if China mandates the use of their own algorithms?
> If every regime wants their own ciphers, it will be impossible to 
> manage. Instead of adding a new cipher suite per country/regime, the 
> list should consist of relatively few ciphers everyone could agree on. 
> Hopefully the current ciphers would be such a list, although it might 
> be a bit US centric.  This discussion is a bit too big for CA/B forum 
> alone though.

China is a bigger market than Russia is. That could make a difference. 
(insert sad face)
Anyway, it's too early to discuss at CABF.

