Security Policy: Difference between revisions

Security Policy (view source)

Revision as of 01:21, 24 August 2006

4 bytes added , 24 August 2006

no edit summary

Wtchang

canmove, Confirmed users

937

edits

@@ Line 286: / Line 286: @@
 * For the FIPS Approved mode of operation, look up the alternative function <code>"FC_GetFunctionList"</code>.
 |}
-==Non-NIST-Recommended Elliptic Curves==
-The '''basic ECC''' version of the NSS cryptographic module only implements the NIST-Recommended elliptic curves P-256, P-384, and P-521 in FIPS 186-2.
-The '''extended ECC''' version of the NSS cryptographic module implements all the NIST-Recommended elliptic curves and the following non-NIST-Recommended curves:
-* ANSI X9.62 prime curves
-** prime192v2
-** prime192v3
-** prime239v1
-** prime239v2
-** prime239v3
-* ANSI X9.62-1998 binary curves
-** c2pnb163v1
-** c2pnb163v2
-** c2pnb163v3
-** c2pnb176w1 (disallowed in ANSI X9.62-2005). Note: the NSS cryptographic module incorrectly named this curve c2pnb176'''v'''1.
-** c2tnb191v1
-** c2tnb191v2
-** c2tnb191v3
-** c2pnb208w1 (disallowed in ANSI X9.62-2005)
-** c2tnb239v1
-** c2tnb239v2
-** c2tnb239v3
-** c2pnb272w1 (disallowed in ANSI X9.62-2005)
-** c2pnb304w1 (disallowed in ANSI X9.62-2005)
-** c2tnb359v1
-** c2pnb368w1 (disallowed in ANSI X9.62-2005)
-** c2tnb431r1
-* SEC 2 prime curves
-** secp112r1
-** secp112r2
-** secp128r1
-** secp128r2
-** secp160k1
-** secp160r1
-** secp160r2
-** secp192k1
-** secp224k1
-** secp256k1
-* SEC 2 binary curves
-** sect113r1
-** sect113r2
-** sect131r1
-** sect131r2
-** sect163r1
-** sect193r1
-** sect193r2
-** sect239k1
-Although FIPS 140-2 Implementation Guidance IG 1.6 allows the use of non-NIST-Recommended curves in the FIPS Approved mode of operation, we recommend that the non-NIST-Recommended curves not be used in the FIPS mode.
 ==Authentication Policy==
@@ Line 406: / Line 355: @@
 * authentication data (passwords): Stored in the private key database (key3.db).
 * audited events and audit data (Security Level 2 only): Stored in the system audit logs.
+====Non-NIST-Recommended Elliptic Curves====
+The '''basic ECC''' version of the NSS cryptographic module only implements the NIST-Recommended elliptic curves P-256, P-384, and P-521 in FIPS 186-2.
+The '''extended ECC''' version of the NSS cryptographic module implements all the NIST-Recommended elliptic curves and the following non-NIST-Recommended curves:
+* ANSI X9.62 prime curves
+** prime192v2
+** prime192v3
+** prime239v1
+** prime239v2
+** prime239v3
+* ANSI X9.62-1998 binary curves
+** c2pnb163v1
+** c2pnb163v2
+** c2pnb163v3
+** c2pnb176w1 (disallowed in ANSI X9.62-2005). Note: the NSS cryptographic module incorrectly named this curve c2pnb176'''v'''1.
+** c2tnb191v1
+** c2tnb191v2
+** c2tnb191v3
+** c2pnb208w1 (disallowed in ANSI X9.62-2005)
+** c2tnb239v1
+** c2tnb239v2
+** c2tnb239v3
+** c2pnb272w1 (disallowed in ANSI X9.62-2005)
+** c2pnb304w1 (disallowed in ANSI X9.62-2005)
+** c2tnb359v1
+** c2pnb368w1 (disallowed in ANSI X9.62-2005)
+** c2tnb431r1
+* SEC 2 prime curves
+** secp112r1
+** secp112r2
+** secp128r1
+** secp128r2
+** secp160k1
+** secp160r1
+** secp160r2
+** secp192k1
+** secp224k1
+** secp256k1
+* SEC 2 binary curves
+** sect113r1
+** sect113r2
+** sect131r1
+** sect131r2
+** sect163r1
+** sect193r1
+** sect193r2
+** sect239k1
+Although FIPS 140-2 Implementation Guidance IG 1.6 allows the use of non-NIST-Recommended curves in the FIPS Approved mode of operation, we recommend that the non-NIST-Recommended curves not be used in the FIPS mode.
 ===Specification of Services===