iTC Meeting Minutes 2024 02 01 - DSC-iTC/cPP GitHub Wiki

Agenda

Attendees

  • Brian Wood

  • Stanley Potter

  • Stephan Mueller

  • Dave Thompson

  • Yi Mao

  • Jim Donndelinger (on then off)

  • Bob Clemons

  • Jerry Myers

  • Zachary Blum

Record of Decisions

  • 60 days will be added to the current comment response round to provide time to try and integrate SD changes before the next publication

Action Items

  • Brian will create published versions of the current cPP for review and comparison with the SD

Minutes

The call started with a review of the open Pull Requests. It was agreed that the Hammering Update would be modified to only include the crypto change and anti-hammering would be a new issue to be considered in v3. The other pull requests in the v2 Project were merged.

The FCS_CKM 6.2 pull request was briefly reviewed, but it had been submitted only a few hours before the call. This change will be reviewed for the next call, but it was recommended to Dave that he talk to the FDE contact in the NSA as well as the crypto working group about the proposed changes. Brian pointed out that we do not have to keep the selections as provided by the crypto working group, but that we would have to agree they were the right changes we need.

The call then moved to the v1.0 Project. Brian had added a new column for priority and the issues that were marked as "To close" were reviewed and closed.

At this point Brian stated that the largest number of remaining issues are in the crypto and the SD. The SD has been largely ignored to this point and so it needs review time. Brian said he was reluctant to hold off changes to the SD until the next public comment period was done and then to "spring" them on in the final 30-day review. This meant that either another comment period was necessary or more time needed to be added now to focus on the SD before publishing the documents.

Brian asked if anyone knew when more updates from the crypto working group would come. The answer was likely March for cPP updates, but SD updates have not yet been started, likely leaving the iTC on its own. Brian said he had started looking at the very old USB crypto SD document and, while this would help with some parts, it was not likely to provide everything. He pointed out that some algorithms actually just pointed to other specifications (non-US ones), while all the NIST algorithms had some version of a testing set laid out. Given there are new updates, things like 186-4 → 186-5 + 800-186 as well as all the new algorithms, it is likely we will not be able to provide all the updates. Brian wondered, though, about trying to submit the testing by pointing to specific test documentation from NIST, similar to the way some of the EU algorithms were in the USB document. He pointed out that by writing the tests into these documents, if NIST (or anyone else) updates the test procedures (say due to some error), then the iTC would be on the hook to fix it and keep issuing TDs. Given that this is duplicating work from crypto experts, this doesn’t seem like a good use of limited time and resources.

Yi asked about publishing the cPP for comments and then coming out with the SD later. Brian said this could be done, but in the past he had people asking where the SD was when he did this in two parts, and in the end it didn’t really speed anything up as the last review stage needed both documents at once to get ready for publication.

The proposals then were to either add up to 60 days to the current update period and push everything out by that, or to add a full third review cycle. The full review cycle would add about 115 days, so about twice as much time. It was felt that the addition of a full cycle was likely to be too long, and that the 60 days seemed more reasonable. It was asked if we could add 30, then see if we needed more and add 30 again, but Brian stated he would rather add the 60 once and, if everything finished sooner, start the next phase sooner rather than keep pushing things out repeatedly.

Brian stated he would create the update for the Hammering Update and then create HTML/PDF versions of the docs for everyone to be able to review and prepare issues and updates for the SD focus of the next time period.

The call ended at 1:04pm EST.
