[ksk-change] FIPS-140 levels
Michael StJohns
msj at nthpermutation.com
Mon Oct 6 21:21:44 UTC 2014
On 10/6/2014 3:23 PM, Paul Hoffman wrote:
> On Oct 6, 2014, at 12:17 PM, Richard Lamb <richard.lamb at icann.org> wrote:
>
>> FWIW: With enough warning I believe we can get AEP to work with us.
> With enough warning, I hope that IANA can get *all* the relevant HSM manufacturers to implement whatever curves are chosen by the IETF for TLS, and then possibly by this community for DNSSEC.
FWIW - it's trivial for most HSM manufacturers to support the X9.63
style curves and public keys and signatures. Generally, it's just
giving them the new curve data. Supporting any of the non-X9.63 curves
(including Curve25519 and probably the NUMS Twisted Edwards, but not the
NUMS Weierstrass) will require some selling to the HSM vendors (new
math, new math engines, new formats etc) and something more than just
the ICANN asking for them.

I don't think actually that being chosen for TLS is the right benchmark
for DNSSEC - different needs.

Mike
>
> --Paul Hoffman