iTC Meeting Minutes 2023 06 08 - DSC-iTC/cPP GitHub Wiki

Agenda

Attendees

  • Brian Wood

  • Stephan Mueller

  • Jim Donndelinger

  • Matt Downey

  • Rebecca Guthrie

  • Kunyan Liu

Record of Decisions

  • None

Action Items

  • None

Minutes

The call started with a discussion about whether or not to use direct rationale in the update to the cPP. Jim brought this up to Matt and it was discussed. Matt said he would look into it and let us know the direction NIAP would take.

Jim said that in the next week or so we should get the SFRs from the CCDB Crypto catalog to review. He will review the catalog against the current requirements in the cPP and point out changes that may be needed or things to consider.

Matt then asked about our inclusion of CNSA 2.0 algorithms. Brian stated that our plan was to include them when they provided them. Stephan asked whether we should do that right away since they weren’t all complete. Brian stated that he wanted to get them in before the public review period and that we could note that those SFRs may still be tweaked by NIAP before publication, but we were including them because they are to be in the new version. This would provide time for review while also ensuring the draft was as complete as possible.

The call then moved to the proposed PR #128 for the FCS_CKM_EXT.8 change. The discussion covered whether the FIA_TRT_EXT requirement was necessary, whether FIA_AFL_EXT.1 was already sufficient, or whether this should be wrapped into that SFR instead of being a separate one. In addition, it was discussed whether the numbers provided (taken from MDF) are even useful in this case, or if they should be modified.

It was agreed that more investigation was needed to resolve this, at least in part because it wasn’t clear, looking at FIA_AFL_EXT.1, whether throttling was needed or not. This will have to be discussed, as it is possible that the PBKDF concern about the 1000 rounds and the delays this introduces is not really warranted: the failed authorization counters may be sufficient, in which case high PBKDF rounds are not necessary. This will need to be reviewed and the PR updated accordingly.

At the end of the call, Brian requested that everyone review the other two open pull requests, as the changes were much simpler (more editorial) and so should be easily approved for merge.

The call ended at 12:59pm EDT.
