CryptoInClientsSummit2006: Difference between revisions

Latest revision as of 00:36, 16 November 2006

Session Title

Crypto in Clients: Trends, Plans, Demos

Session Leader

Bob Lord, Tim Riley

Summary

Bob Lord and members of his security community present trends, plans and demos. This session will emphasize interactive discussion and Q&A.

Agenda

  • Overview of Trends
  • Plans from the security community

Interested Attendees

Please add your name here if you're likely to attend this session; this will help prioritize sessions and minimize conflicts.

  • dolske
  • beltzner
  • Frank Hecker
  • timeless
  • robcee
  • Nelson Bolyard
  • Wan-Teh Chang

Meeting Notes

11/15/06

ECC keys

  • stronger than equivalent next higher RSA key
    • 512 ECC is stronger than 1024 RSA key
    • ECC faster to process
  • Recommendation is to not encrypt with 1K RSA key in 4-5 years
  • 2048 CA keys are common now

TLS 1.2

  • Goal: Crypto agility - no hard coded algorithms
  • Currently hardcoded to use SHA-1 and Suite B
  • Will this be 312? Not sure [dveditz]

FIPS 140-2

  • Hardware or software encryption
  • Also a Canadian standard
  • Last NSS validation (version 3.2) was in Netscape 6.2
  • New validation for NSS 3.11
    • takes 3 months for validation
    • Want to get 3.11 into 2.0.0.1
    • 1.8 branch is already 3.11.3 (FF 2)
    • Plan to go to 3.11.4 for 2.0.0.1
    • FF1.5 has NSS 3.10.2 (roughly)
    • FIPS 5 is the numeric code for states
  • New things in Version 2 (140-2):
    • New requirements for strength of passwords
    • Auditing events in crypto module

Shared DBs

  • Same set of user keys
  • to get new key:
    • Get key from FFx
    • copy it off web page
    • Copy into TBird
    • Cannot directly access same key by both FFx and TBird
      • Gov requirement to limit access to keys by different apps
  • Tried Sleepycat
  • Tried RDB for SQLite

LibPKIX

  • Path validation standard
  • Path Discovery
  • OID - Object Identifier
  • If you get a message from FBI was it really FBI?