RE: ISSUE-128: Strong / weak algorithms? [Techniques]

I remember a doc that grouped security into categories that included
High Robustness, Medium Robustness. In order to be high robustness
certain ciphers needed to be used, just as Luis describes. I think it
used FIPS as the backup.

Can't remember if that was a FIPS doc, a DoD doc, DISA, NSA... I will
look for it and see if it is unclassified for general distribution.

B


 

-----Original Message-----
From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org] On Behalf Of Luis Barriga
Sent: Wednesday, October 17, 2007 9:10 AM
To: Yngve N. Pettersen (Developer Opera Software ASA);
michael.mccormick@wellsfargo.com; Anil.Saldhana@redhat.com;
public-wsc-wg@w3.org
Subject: RE: ISSUE-128: Strong / weak algorithms? [Techniques]


I checked those docs and they are still focused on each cipher
independently. The Ecrypt paper is closer (compared to FIPS) to what I
think we need but still not there.

The point I'm trying to make is that we need some recommendations not
at the *separate cipher* level, but at the *cipher suite* level so the
combination of public and symmetric is also consistent. Correct me if
I'm wrong...

For example, the NIST document recommends the following cipher suites:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
...

One way forward is to ask Ecrypt folks to produce such a TLS suite
recommendation since the step is not that far using as baseline their
current crypto recommendations.

Luis

-----Original Message-----
From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org] On Behalf Of Yngve N. Pettersen
(Developer Opera Software ASA)
Sent: den 17 oktober 2007 13:25
To: Luis Barriga; michael.mccormick@wellsfargo.com;
Anil.Saldhana@redhat.com; public-wsc-wg@w3.org
Subject: Re: ISSUE-128: Strong / weak algorithms? [Techniques]



Any reason why the result of ACTION-285 doesn't suffice?

http://www.w3.org/2006/WSC/track/actions/285
http://lists.w3.org/Archives/Public/public-wsc-wg/2007Sep/0014.html

On Wed, 17 Oct 2007 13:06:50 +0200, Luis Barriga
<luis.barriga@ericsson.com> wrote:

>
> FIPS main audience is *crypto* implementors. It seems too low level and
> thus doesn't seem to be the primary document to refer to.
>
> We need to refer to some authoritative document(s) recommending TLS
> suites to web site *security* administrators so they can decide which
> ones to enable/disable when deploying TLS-enabled web sites. I don't
> think administrators would get that much help digging into FIPS.
>
> NIST has such a document, but as I mentioned it is for governmental use,
> which excludes RC4, that as far as I know (?) is widely deployed due to
> its high performance.
>
> Luis
>
> -----Original Message-----
> From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org]
> On Behalf Of michael.mccormick@wellsfargo.com
> Sent: den 17 oktober 2007 00:02
> To: Anil.Saldhana@redhat.com; public-wsc-wg@w3.org
> Subject: RE: ISSUE-128: Strong / weak algorithms? [Techniques]
>
>
> It might be better in a W3C standard to reference the international
> equivalents of FIPS 140.
>
> The FIPS 140-1 equivalent is ISO/IEC FCD 19790 "Security requirements
> for cryptographic modules".
>
> Last I heard, FIPS 140-2 was the US input document to an NP recently
> approved by CS1.  At that time it had not yet been assigned an ISO/IEC
> number, but maybe that has changed.
>
> Mike
>
> -----Original Message-----
> From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org]
> On Behalf Of Anil Saldhana
> Sent: Tuesday, October 16, 2007 3:08 PM
> To: Web Security Context Working Group WG
> Subject: Re: ISSUE-128: Strong / weak algorithms? [Techniques]
>
>
> FIPS 140-2 is the defining standard for cryptology (at least in the US).
>
> Maybe we can use that as the frame of reference in the rec doc?
>
> Doyle, Bill wrote:
>> A number of standards bodies that we can point to that note
>> recommended strengths.
>>
>> In the US the National Institute of Standards and Technology (NIST)
>> provides the clearing house for recommended practices. Systems could
>> follow Federal Information Processing Standards (FIPS) or FIPS 140-2
>>
>> http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
>>
>>     *From:* public-wsc-wg-request@w3.org
>>     [mailto:public-wsc-wg-request@w3.org] *On Behalf Of* Hallam-Baker,
>>     Phillip
>>     *Sent:* Tuesday, October 16, 2007 11:33 AM
>>     *To:* Thomas Roessler
>>     *Cc:* Luis Barriga; Web Security Context Working Group WG
>>     *Subject:* RE: ISSUE-128: Strong / weak algorithms? [Techniques]
>>
>>     I would prefer not to make a recommendation here since it is not a
>>     document that I would want to keep continuously updated.
>>
>>     There is a strong industry consensus here and what we need to do
>>     is to ensure that it is widely recognized as such and have a
>>     mechanism to alert people when the consensus changes (e.g. the new
>>     results on SHA-1).
>>
>>     *From:* Thomas Roessler [mailto:tlr@w3.org]
>>     *Sent:* Tue 16/10/2007 4:08 AM
>>     *To:* Hallam-Baker, Phillip
>>     *Cc:* Luis Barriga; Web Security Context Working Group WG
>>     *Subject:* Re: ISSUE-128: Strong / weak algorithms? [Techniques]
>>
>>     On 2007-10-15 20:26:04 -0700, Phillip Hallam-Baker wrote:
>>
>>     > I don't think we should write an exhaustive list of strong
>>     > ciphers. The most we should do is to note that there is a set of
>>     > ciphers that the consensus recognizes as being acceptably strong
>>     > which should be supported.
>>
>>     I'd rather we either reference some known-authoritative document
>>     that is being maintained elsewhere (because I don't see us taking on
>>     that kind of document maintenance role for this particular problem).
>>
>>     The second-best approach might be to say "these are known bad [REF]
>>     [REF] [REF], for the rest, please do your due diligence."
>>
>>     Regards,
>>     --
>>     Thomas Roessler, W3C  <tlr@w3.org>
>>
>
> --
> Anil Saldhana
> Project/Technical Lead,
> JBoss Security & Identity Management
> JBoss, A division of Red Hat Inc.
> http://labs.jboss.com/portal/jbosssecurity/
>
>
>
>
>



-- 
Sincerely,
Yngve N. Pettersen
 
********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************

Received on Wednesday, 17 October 2007 15:19:03 UTC