CryptoInClientsSummit2006

Session Title

Crypto in Clients: Trends, Plans, Demos

Session Leader

Bob Lord, Tim Riley

Summary

Bob Lord and members of his security community present trends, plans and demos. This session will emphasize interactive discussion and Q&A.

Agenda

• Overview of Trends
• Plans from the security community

Interested Attendees

Please add your name here if you're likely to attend this session, this will help prioritize sessions and minimize conflicts

• dolske
• beltzner
• Frank Hecker
• timeless
• robcee
• Nelson Bolyard
• Wan-Teh Chang

Meeting Notes

11/15/06

ECC keys

• stronger then equivalent next higher RSA key
  • 512 ECC is stronger then 1024 RSA key
  • ECC faster to process
• Recommendation is to not encrypt with 1K RSA key in 4-5 years
• 2048 CA keys are common now

TLS 1.2

• Goal: Crypto agility - no hard coded algorithms
• Currently hardcoded to use SHAH 1 and Suite B
• Will this be 312? No sure [dveditz]

FIPS 140-2

• Hardware or software encryption
• Also a Canadian standard
• Last NSS valdation (version 3.2) was in Netscape 6.2
• New validation for NSS 3.11
  • takes 3 months for validation
  • Want to get 3.11 into 2.0.0.1
  • 1.8 branch is already 3.11.3 (FF 2)
  • Plan to go to 3.11.4 for 2.0.0.1
  • FF1.5 has NSS 3.10.2 (roughly)
  • FIPS 5 is the numeric code for states
• New things in Version 2 (140-2) has
  • New requirements for strength of passwords
  • Auditing events in crypo module

Shared DBs

• Same st of user keys
• to get new key:
  • Get key from FFx
  • copy it off web page
  • Copy into TBird
  • Cannot directly access same key by both FFx and TBird
    • Gov requirement for limit access to keys by different apps
• Tried Sleepycat
• Tried RDB for SQL Lite

LibPKIX

• Path validation standard
• Path Discovery
• OID - Object Identifier
• If you get a message from FBI was it really FBI?