[Servercert-wg] [Ext] [cabfpub] Interest in Ed25519 and/or Ed448?

Paul Hoffman paul.hoffman at icann.org
Fri Dec 21 11:06:38 MST 2018


On Dec 21, 2018, at 9:42 AM, Ryan Sleevi via Servercert-wg <servercert-wg at cabforum.org> wrote:
> On Fri, Dec 21, 2018 at 11:42 AM Phillip <philliph at comodo.com> wrote:
>> One major concern I have in any standards process covering multiple bodies is to avoid a standards deadlock condition in which each group is waiting for another to act.
>>
>> As far as CABForum is concerned, the existence of FIPS qualified hardware should be irrelevant to passing a BR. If we want FIPS hardware, we say it is a requirement in the BR.
>>
>> If we wait for the hardware manufacturers to deploy, they will wait for us and so on ad infinitum. We have a circle of ungranted requests. The way I see this process working is:
>>
>> 1. IRTF-CFRG examines, reviews and specifies algorithms
>> 2. IETF-TLS specifies code points for use in TLS
>> 3. CABForum approves use in WebPKI certificates
>> 4. Vendors deploy
>>
>> Each step in the process can only wait on lower numbered steps.
> 
> It sounds like there are areas of agreement, but to be clear, I think there's a clear and important disagreement.
> 
> In your proposed ordering, #3 happens before any possible security evaluation or consideration of what #4 means has been done. That seems irresponsible, from a security point of view, which is why I was trying to capture that the ordering is inverted - #4 is a precondition to #3.
> 
> I think Rob's questioning is helpful - which is to say, yes, there is support for and demand for, if you can produce something that meets the security requirements. However, history has shown us repeatedly, trying to specify it abstractly and hoping folks get the security requirements right is a dangerous, harmful thing. So show that it's possible to securely protect keys, that there is some concrete thing to evaluate, and it's reasonable to look at supporting.

Maybe there is a step 3.5: "Potential HSM buyers ask their vendors whether they will support the new algorithm as well as they do the current ones".

Just to be clear: an HSM vendor *can* pay their independent test lab to test their implementation of a not-yet-CMVP-supported algorithm, and *can* show the results of those tests to potential customers (depending on their agreement with their lab). At least in the past, it was common to test systems that have not-yet-CMVP-supported algorithms and those test results were sent to NIST even though they would not appear in the certificates.

--Paul Hoffman