[cabfpub] Updated Agenda for F2F Meeting 33
Erwann Abalea
erwann.abalea at opentrust.com
Mon Sep 15 08:56:11 MST 2014
On 15/09/2014 17:08, Håvard Molland wrote:
> On 15. sep. 2014 15:51, Erwann Abalea wrote:
>> On 15/09/2014 13:16, Håvard Molland wrote:
>>> On 15. sep. 2014 11:15, Erwann Abalea wrote:
>>>> [SM2/SM3 adoption]
>>>
>>> Any new algorithm should offer improvements on the existing
>>> algorithms, such as improved security, new security features or
>>> speed. I'm not sure we should add new algorithms simply for the sake
>>> of being alternatives.
>>
>> I agree, that's what SHOULD drive the inclusion of algorithms or
>> parameters. Based on that, the CABF SHOULD NOT discuss approval
>> of these new things (not yet)
>>
>> Others MAY think differently, such as Russia, where GOST-approved
>> algorithms are mandatory
> You mean it's mandatory for servers to offer GOST? Surely they can't
> demand browser support?
I mean it's mandatory for everyone to do GOST-* stuff. DNSSEC, TLS, ...
You can think it's stupid (I do).
Support for DNSSEC is present in RFC5933, support for TLS is drafted in
draft-chudov-cryptopro-cptls-04. There was some work on NSS, I think
OpenSSL works (with the GOST engine?), I don't know if Opera/Apple/MS
supports this.
Mandatory is weak here; the .ru zone isn't GOST-* signed, I can't find a
GOST-* signed certificate, everyone seems to be happy with the current
situation.
>> . And we DO see GOST-approved hash algorithms used in OCSP requests
>> (to produce the issuerNameHash and issuerKeyHash). Now.
>>
>> What if China mandates the use of their own algorithms?
> If every regime wants their own ciphers, it will be impossible to
> manage. Instead of adding a new cipher suite per country/regime, the
> list should consist of relatively few ciphers everyone could agree on.
> Hopefully the current ciphers would be such a list, although it might
> be a bit US centric. This discussion is a bit too big for CA/B forum
> alone though.
China is a bigger market than Russia is. That could make a difference.
(insert sad face)
Anyway, it's too early to discuss at CABF.
--
Erwann ABALEA