iTC Meeting Minutes 2024 08 02 - DSC-iTC/cPP GitHub Wiki
Call started at 12:03pm EDT
The call started with a review of the open pull requests. The FCS_RBG update, ECD formatting update and the FCS_CKM_EXT.8 selection update were all merged on the call. The FCS_CKM_EXT.7 app note update was closed as the part of the change that was agreed with was already included in another update and the remaining changes were rejected for inclusion for a DSC. The reference update was discussed and further standards will be added to the list based on comments made by Joachim and then merged. The FCS_CKM.6.2 edits was moved to target v3.0 to provide time to work between the crypto WG, FDE and others on coming up with an updated standard set of claims. This could be brought back, but at this point it seems like a fully agreed-upon update will take longer than the targeted timeline for publication.
The call then moved to the remaining open issues targeting the v2.0 release. Of these, only #341 and #347 are new. #341 was updated on the call for one of the changes to the app notes to make for consistency while the review still needs to happen to propose the app note parts to be removed. #347 was discussed and the dependencies will be checked and updated. This is really focused on the FCS requirements that are modified by the iTC as the crypto WG has already updated the dependencies in their tables, so those are already included in the updates made to the cPP.
The final topic of the call was a discussion on the crypto EAs. The latest updates don’t seem to point to any comments from the WG about their EA proposals, but they do not yet have any written examples. It was discussed whether the SD should include an explicit reference to obtaining test vectors. This may be tricky as it isn’t clear that there are always public test vectors that could be referenced. The conclusion was that the SD should provide examples of where they may be obtained if possible, but that largely the test requirements would be "confirm against a known-good implementation using vectors that are considered sufficient to prove the algorithm is correctly implemented". Brian will propose what this should look like by the August 29 call.
The call ended at 1:10pm EDT.