RE: [77attendees] High Assurance Cryptographic API Bar BoF at IETF 77 in Anaheim, CA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Meadhbh,

 

A major use case that's lacking in the standards you mention is support for security domain separation. In high assurance environments, a crypto device typically separates two security domains (protected & unprotected), performing cryptographic operations at the boundary. The existing standards operate within a single domain-- they enable a crypto device to accept data to be cryptographically transformed and return the results directly to the caller who initiated the operation.

 

This type of high assurance use case is common with diplomatic and military communications and shows opportunity in sensitive commercial enterprises like banking, as well. Specialized cryptographic hardware designed specifically for these types of environments is available.  So, we're not talking about tokens or smart cards, although potential solutions (like the one we've proposed) can accommodate those use cases as well. Nonetheless, you'd probably be better off using something like Cryptoki for those situations.

 

For an introduction to this problem domain, see section 1.4 in our Internet-Draft:

http://tools.ietf.org/html/draft-lanz-cicm-00#section-1.4

 

If you're interested, but can't attend the bar BoF, you can still participate via the mailing list:

https://www.ietf.org/mailman/listinfo/cicm

 

Regards,

Lev

 

From: Meadhbh Hamrick [mailto:ohmeadhbh@xxxxxxxxx]
Sent: Wednesday, March 10, 2010 11:59 AM
To: Novikov, Lev
Cc: IETF-Announce; IETF-77
Subject: Re: [77attendees] High Assurance Cryptographic API Bar BoF at IETF 77 in Anaheim, CA

 

It's going to be tough for me to attend, but I would love to hear why cryptoki, pc/sc or cdsa don't work for your use cases. Also, are you talking about a specific kind of token? Soft tokens? 4758s? NCipher boxen? Smart cards?

Is there a resource on the web describing the problem domain, or is this an informal meeting to discuss problems with existing solutions or new use cases?

-cheers
-meadhbh

On Mar 10, 2010 7:28 AM, "Novikov, Lev" <lnovikov@xxxxxxxxx> wrote:

There will be a bar BoF on high assurance cryptographic APIs during IETF 77.

When: Tue, March 23, 2010 from 17:30 - 19:00 (tentatively)
Where: Mix Restaurant (in the Hilton Anaheim)

Menu available at:
http://www1.hilton.com/en_US/hi/hotel/SNAAHHH-Hilton-Anaheim-California/dining.do#1

Commercial cryptographic APIs (e.g., PKCS#11) are not suitable for high assurance cryptographic devices that have special considerations (e.g., security domain separation, rich module & key management). We'd like to discuss the problems surrounding creating a logical model for high assurance cryptographic devices and a potential solution we've published as an Internet-Draft:
https://datatracker.ietf.org/drafts/draft-lanz-cicm/

Interested parties are invited to join our IETF mailing list for potential updates on the bar BoF and/or other matters relating to high assurance cryptographic APIs:
https://www.ietf.org/mailman/listinfo/cicm

Thanks,

Lev Novikov
The MITRE Corporation
_______________________________________________
77attendees mailing list
77attendees@xxxxxxxx
https://www.ietf.org/mailman/listinfo/77attendees

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]