DSC-iTC / cPP

Dedicated Security Components cPP & SD
MIT License

atsec/3 - Section 2.2.1 - Add Key-wrapping to introduction #3

Closed woodbe closed 1 year ago

woodbe commented 1 year ago

Comment:

A DSC protects the integrity of an SDO with one of the following methods:... should be extended to allow authenticated encryption ciphers compliant to NIST SP800-38F such as AES Key-Wrapping and TDES Key-Wrapping.

Proposal:

Add the SP800-38F compliant authenticated encryption ciphers such as AES Key-Wrapping and TDES Key-Wrapping to the bulletin list.

Priority: 2

woodbe commented 1 year ago

@yiatsec is this needed for the current evaluation or is this something that can wait until v1.1? I don't see any particular issue with this change, but if it isn't needed for the current eval, I would prefer to defer to v1.1.

woodbe commented 1 year ago

This is needed for the current eval

woodbe commented 1 year ago

Do we need to have TDES? The current doc doesn't have any TDES, and I can't see wanting to add it (I know there are some banking systems that still use it, but it is now only approved for decrypting data, so it would seem strange to add it to wrap keys since that would imply using it elsewhere).

woodbe commented 1 year ago

As this is in the informative section of the document, I do not think this needs to have a TD issued for it. The intro section does not lay requirements on what is or isn't available in the evaluation, so this should not need a TD to be created. I did not realize this is not an SFR request and do not feel this would have any impact on an evaluation (any more than any other editorial change).

If we want to issue a broad "editorial fixes" TD, this could go in, but otherwise I would not make this a priority.

yiatsec commented 1 year ago

We do not need to have TDES. We're okay with not issuing a TD and making editorial fixes in v1.1. The related SFR is FDP_ITC_EXT.2.1. This SFR contains the "assignment" operation, which is more flexible than selection, and can assign AES KeyWrapping as the method that maintains confidentiality and integrity. So, we are good here.