[cryptography] IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM)

Novikov, Lev lnovikov at mitre.org
Mon Jun 20 16:01:58 EDT 2011

Some responses to reactions to Kevin's post.

On 2011-06-18 19:32, Kevin Wall wrote:
> First of all, I must say I apologize to Lev Novikov, as I promised to 
> do this several months ago, but unfortunately I had completely 
> forgotten about it. My bad. I hope, better late than never.

No worries. This is a good time for people to get involved as we're 
moving to try and get a WG formed at IETF.

On 2011-06-18 19:44, Paul Huffman wrote:
> Just to set folks' expectations correctly: [...]
> There is a *proposed* IETF Working group ...
> [...]
> That is, this WG has not been considered by the IETF, much less 
> approved. Might happen, might not.

Absolutely correct. The BOF has been recently approved; not the WG.

> BoF sessions are informal ways for people (particularly the IETF 
> leadershipoids) to determine if forming a particular WG is a good or 
> bad idea. Results are often surprising.

I'm preparing myself for an interesting experience.

On 2011-06-19 12:38, Peter Gutmann wrote:
> Just one word really: Why?

There is an existing class of devices and environments (e.g., military 
and diplomatic communications) which have particular requirements that 
are hard to retrofit into existing crypto APIs (i.e. the logical models
are substantially different).

For example, many of these devices operate in a manner such that the 
results of cryptographic operations are not returned to the program that
initiates the operation--as they are in existing crypto APIs. Rather,
the request starts in one security domain, is executed by the crypto 
(which is on the border between two domains), and the result emanates in
another domain.

See: http://tools.ietf.org/html/draft-lanz-cicm-lm-00
for other examples of logical model differences between existing APIs 
and a high assurance API.

I'm glad to respond to more questions / comments here (or you can email 
cicm at ietf.org).

