[cryptography] IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM)

Nico Williams nico at cryptonector.com
Tue Jun 21 14:24:40 EDT 2011


On Tue, Jun 21, 2011 at 1:17 PM, Novikov, Lev <lnovikov at mitre.org> wrote:
> On 2011-06-21 13:36, Nico Williams wrote:
>> [...] My concern is that we already have a large number of
>> technologies in the IETF for establishing channels[*].  Adding any
>> more should require some strong justification for not using an
>> existing one. [...] But when we're talking about *new* protocols, we
>> need to set the bar pretty high [...].
>
> Just to clarify, CICM specifies the API between the client program and
> the crypto module; not the messages used to establish the channel between
> the peers (as the protocols you reference do).
>
> Use of those protocols does not obviate the need for a lower level API
> that actually interacts with the crypto.

Even so, what value does this add over any of the APIs and frameworks
we already have?

If the issue is ensuring that you are able to log in to tokens, why not
add suitable extensions to the GSS-API (basically a single function)?

Nico