Metadata Distribution Subcommittee of TAC

["Joe St Sauver" <>]

Hi,

Regarding the key management section, this came up on another list over the
last day or two; two potentially relevant bits...

During a discussion of protecting a CA's private keys yesterday, the 
question of what the CAB Forum requires resulted in...

#See Section 16.6 of the Certificate and Browser Forum Baseline Requirements
#at https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf
#
#For devices certified for FIPS 140 at level 3, check out
# http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm and
#then search that web page for the appropriate level
#
#For Common Criteria EAL 4 or higher, start with 
# http://www.commoncriteriaportal.org/products/

Are folks thinking of similar requirements in this context?

And then today:

#Those who are interested in key management may wish to note:
#
#   Cryptographic Key Management Workshop 2014
#   http://www.nist.gov/itl/csd/ct/ckm_workshop2014.cfm
#   March 4-5, 2014, NIST, Gaithersburg MD
#
#See also:
#
#   SP 800-152
#   DRAFT A Profile for U. S. Federal Cryptographic Key Management Systems 
(CKMS)
#   http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-152
#   Released 7 Jan 2014, comments due by March 5, 2014

FWIW, I'd also note that if HSMs are going to be part of the equation, we 
have the ability to offer the SafeNet LUNA HSMs through the multifactor 
program agreement with SafeNet, but not at much of a discount from list 
prices.

Regards,

Joe