CryptoInClientsSummit2006: Difference between revisions
Jump to navigation
Jump to search
| (4 intermediate revisions by 4 users not shown) | |||
| Line 24: | Line 24: | ||
* [[User:Hecker|Frank Hecker]] | * [[User:Hecker|Frank Hecker]] | ||
* timeless | * timeless | ||
* [[User:rcampbell|robcee]] | |||
* Nelson Bolyard | |||
* Wan-Teh Chang | |||
== Meeting Notes == | |||
11/15/06 | |||
=== ECC keys === | |||
* stronger then equivalent next higher RSA key | |||
** 512 ECC is stronger then 1024 RSA key | |||
** ECC faster to process | |||
* Recommendation is to not encrypt with 1K RSA key in 4-5 years | |||
* 2048 CA keys are common now | |||
=== TLS 1.2 === | |||
* Goal: Crypto agility - no hard coded algorithms | |||
* Currently hardcoded to use SHAH 1 and Suite B | |||
* Will this be 312? No sure [dveditz] | |||
=== FIPS 140-2 === | |||
* Hardware or software encryption | |||
* Also a Canadian standard | |||
* Last NSS valdation (version 3.2) was in Netscape 6.2 | |||
* New validation for NSS 3.11 | |||
** takes 3 months for validation | |||
** Want to get 3.11 into 2.0.0.1 | |||
** 1.8 branch is already 3.11.3 (FF 2) | |||
** Plan to go to 3.11.4 for 2.0.0.1 | |||
** FF1.5 has NSS 3.10.2 (roughly) | |||
** FIPS 5 is the numeric code for states | |||
* New things in Version 2 (140-2) has | |||
** New requirements for strength of passwords | |||
** Auditing events in crypo module | |||
=== Shared DBs === | |||
* Same st of user keys | |||
* to get new key: | |||
** Get key from FFx | |||
** copy it off web page | |||
** Copy into TBird | |||
** Cannot directly access same key by both FFx and TBird | |||
*** Gov requirement for limit access to keys by different apps | |||
* Tried Sleepycat | |||
* Tried RDB for SQL Lite | |||
=== LibPKIX === | |||
* Path validation standard | |||
* Path Discovery | |||
* OID - Object Identifier | |||
* If you get a message from FBI was it really FBI? | |||
Latest revision as of 00:36, 16 November 2006
Session Title
Crypto in Clients: Trends, Plans, Demos
Session Leader
Bob Lord, Tim Riley
Summary
Bob Lord and members of his security community present trends, plans and demos. This session will emphasize interactive discussion and Q&A.
Agenda
- Overview of Trends
- Plans from the security community
Interested Attendees
Please add your name here if you're likely to attend this session, this will help prioritize sessions and minimize conflicts
- dolske
- beltzner
- Frank Hecker
- timeless
- robcee
- Nelson Bolyard
- Wan-Teh Chang
Meeting Notes
11/15/06
ECC keys
- stronger then equivalent next higher RSA key
- 512 ECC is stronger then 1024 RSA key
- ECC faster to process
- Recommendation is to not encrypt with 1K RSA key in 4-5 years
- 2048 CA keys are common now
TLS 1.2
- Goal: Crypto agility - no hard coded algorithms
- Currently hardcoded to use SHAH 1 and Suite B
- Will this be 312? No sure [dveditz]
FIPS 140-2
- Hardware or software encryption
- Also a Canadian standard
- Last NSS valdation (version 3.2) was in Netscape 6.2
- New validation for NSS 3.11
- takes 3 months for validation
- Want to get 3.11 into 2.0.0.1
- 1.8 branch is already 3.11.3 (FF 2)
- Plan to go to 3.11.4 for 2.0.0.1
- FF1.5 has NSS 3.10.2 (roughly)
- FIPS 5 is the numeric code for states
- New things in Version 2 (140-2) has
- New requirements for strength of passwords
- Auditing events in crypo module
- Same st of user keys
- to get new key:
- Get key from FFx
- copy it off web page
- Copy into TBird
- Cannot directly access same key by both FFx and TBird
- Gov requirement for limit access to keys by different apps
- Tried Sleepycat
- Tried RDB for SQL Lite
LibPKIX
- Path validation standard
- Path Discovery
- OID - Object Identifier
- If you get a message from FBI was it really FBI?