[cryptography] IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM)

Novikov, Lev lnovikov at mitre.org
Tue Jun 21 13:17:29 EDT 2011


On 2011-06-22 12:50, Peter Gutmann wrote:
> The problem is that introducing a totally new crypto API today is
> going to be pretty much impossible. [...]
> I cannot imagine what size hammer you'd need to wield to convince
> vendors to implement a totally new API for their products. [...]
> The problem really is political, not technical.

I see your point. Perhaps you'd be interested in some aspects of
CICM's history.

CICM was originally developed by MITRE for the US Air Force with
significant input from crypto module vendors.
See: http://tools.ietf.org/html/draft-lanz-cicm-02#section-10

In order to ensure its continued existence, the Air Force publicly
released CICM (Oct 2009) and the documents were converted to
Internet-Drafts and submitted to the IETF (Jan 2010).

Since then, at least one consortium (Wireless Innovation Forum) adopted
CICM as a source document for their security API work and several 
vendors and researchers from different countries have started to 
evaluate CICM. A few vendors are currently writing prototype drivers
for CICM.
See: http://code.google.com/p/ietf-cicm/wiki/Prototypes_2011

I agree with your general assessment that it is difficult to get vendors
to implement brand-new drivers for their products. Moreover, it is a
chicken-and-egg problem: if there are no products that implement CICM, 
why should I write my software using CICM? If there are no applications
that use CICM, why should I write CICM drivers for my products?

However, this is true of any API, and the reality is that when all 
stakeholders are involved in forming the API, it makes it much easier 
for them to adopt it.

Time will tell how effective this strategy was; for now, we're trying to
form a Working Group in the IETF to:

1. Create a stable and public reference to the work around which 
   several organizations are rallying.
 
2. Improve the API and make sure it meets the needs of a wide range 
   of vendors, users, and organizations.

Lev


