MeetingMinutes Minutes015042015

Robert Relyea edited this page Mar 5, 2025 · 4 revisions

April 15, 2015 Meeting Minutes

Roll Call

  • Bob performed roll call, we have quorum. This will be an official meeting.

Proposed Agenda

  1. Opening remarks (co-chairs)
  2. Roll call
  3. Review / approval of the agenda
  4. Review of previous meeting minutes (March 18, April 1)
  5. Old Business
    • V2.40 items
    • RSA Conference
      • Interop
    • V2.41 items
    • V3.0 Status Items
    • Review outputs from NIST workshop
    • Topics for next call
  6. New Business
  7. Review Action Items
  8. Adjourn

Opening Remarks

  • BobG: Dinner to be started at 6pm

Agenda Additions

Motion to accept agenda

  • Tim moved, Mark J seconded. No objections or abstentions or discussions.

Approve Previous Meeting Minutes

  • March 18, 2015 - Tim moved, Jim S seconded. No objections or abstentions or discussions.
  • April 1, 2015 - Tim moved, Jim S seconded. No objections or abstentions or discussions.

Old Business

V2.40

  • BobG: OASIS Ballots have closed – we have all the documents across the line.
  • Valerie: spoken to OASIS folks and there is consensus that the process is repetitive and slow. OASIS are looking at ways to improve it. Need to leverage the wiki more.
  • Tim: We could also look at some docs going to committee note rather than a full spec document – general agreement on that point.
  • Valerie: Need an API to handle sunsetting of mechanisms, etc. General agreement on that point.
  • BobG: PKCS11 was noted as a critical piece required for most of the items discussed at the NIST workshop but there was little understanding that P11 is still in active development
  • BobG: Should look more at using the OASIS PKCS11 wiki for basic information repository on PKCS11 and related materials.

RSA Conference

Interop

  • Tony: Participants are all prepared. Some technical interoperability demonstrations going ahead in the background. KMIP and PKCS11 demos are intermingled and demonstrating interop between p11 and KMIP implementations.
  • Bob G: should seek greater exposure of the OASIS interop and in fact of P11 and KMIP TC activities and OASIS marketing functions.
  • Bob G: should look at posting on the wiki about relevant conferences that we should be considering speaking at.
  • GrahamS: suggests CHES conference in France in September, ASA conference in Verona in July (Graham can help with that event)

V2.40

  • BobG: Votes are complete – we’re done – a press release will follow soon
  • BobG: Advocates that much of the content for 2.40 and versions going forward, should remain at committee draft and keep a minimum of items in the point release for full OASIS vote.

V2.41

Secure Key Import Proposal

  • Graham: Presented the proposal as uploaded to the reflector.
    • Tim: We do need to raise the concept of a unique identifier and handle this as a separate item.
    • Graham to consult with Tim to document the options here.
  • Findings:
  1. GCM/CCM wrap/unwrap
  2.1 unique ID, vendor identifiers
  2.2 serialization of objects inc vendor specific extensions
  2.3 attribute criticality - and/or safe PKCS#11 subset

Message-Based Encryption Functions

  • Bob R: Presented the proposal as uploaded to the reflector (https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/53446/PKCS11MessageBasedEncryption20140624.pdf)
  • In all instances the semantics are to change to ‘C_MessageEncrypt..’ – Init and Final should be changed to be consistent. (C_MessageEncrypt -> C_EncryptMessage & C_MessageDecrypt -> C_DecryptMessage)
  • Dina: Suggested ditching V2 and putting message in the mech. – All agreed, so (CK_GCM_PARAMS_V2 -> CK_GCM_MESSAGE_PARAMS)
  • Table of vendor-specific functions to be added with specific instructions to be included to warn that the table will be broken as the specification develops and we cherry-pick the appropriate content. Need to evaluate the list to see if it is a 2.41 or a 3.0 inclusion.
  • Method for handling addition of new functions in v2.41 discussed. BobR to bring forward a proposal around a subset of previous discussions handling both the new v2.41 functions, the original v2.40 table and a vendor specific table.

AES/XTS

  • Mark P presented on AES/XTS – no proposal, based on email from Marko Nippula on 29/30 May 2014.
  • Proposal being sought to support.
  • Decision is to have a new key type.

Dina’s questions

  • Dina raised a range of questions.
  • Dina to draft topics for usage guide content in relation to her questions and these will appear in the list of items.
  • CK_Destroyable in section 4.4 – addition of superscript for lockable and destroyable
  • CKA_COPYABLE has opportunities for implementation divergence. Discussion. BobR to contribute to Usage Guide.
  • Chris to modify CKA_COPYABLE and 11 against CKA_DESTROYABLE to contain superscript.

Header files

  • Email received from Chet about header files
  • Stef created a set of header files back in Sep
  • Never fully reconciled with the final version of the specifications
  • Valerie: Stef's work unclear if this is what they should be or what is in the spec. Should be what is in the standard. Pointer to known issues. Need final version.
  • Tim: translating - want pristine v2.40 and errata v2.40 (that moves to v2.41).

Error codes & deprecation

  • We need a proposal about some extended error codes and a method for deprecating items. – Valerie to make a start
  • Tim: suggested CKR_prohibited_by_policy.

Interop

  • Dina mentioned a lack of responses to questions posted to the list
  • Suggestion of an interop subcommittee – Bob to think about it and bring a proposal in two weeks.

v3.0

Direction of the PKCS11 TC

  • BobG: Raised the issue of total lack of visibility of P11 and the fact it isn’t recognised despite wide deployment

Post quantum crypto workshop

  • BobG: speaking with Burt K and have concerns about PKCS11 in a post quantum crypto environment
    • signed code packages and bootstrapping/re-establishing trust after a compromise
    • BobG: attending a post-quantum crypto RSA meeting on Sunday 19th. Described “SAFECrypto” proposal.
    • BobG: Should we consider supporting hash based signatures and state within HSMs? Probably needs more than just a new mechanism
    • Approach is to come up with a post-quantum crypto signature scheme such that we can securely handle changed, updated items once quantum crypto is an actual threat. This allows for a controlled path to channel the panic responses.

New Business

  • None

Meeting planner

  • Next call to be scheduled on 29 April 2015

Action Items

  • Bob G: to approach EMC/RSA to see if the historical PKCS Series documents can be brought out and hosted on the PKCS11 wiki.
  • TonyC: Add a link to the main TC public page to known PKCS11 implementation page and ensure the page is updated at least once a quarter (update need only be simple)
  • TonyC: Add a wiki page for “PKCS11 activities” for folks to blog to. Product announcements permitted in a defined format.
  • GrahamS: add some of the more pertinent blog entries from the Cryptosense blog to the “PKCS11 activities page”
  • BobG: reach out to CarolG @ OASIS to look into greater visibility of the RSA interop and related items.
  • TonyC: look at posting relevant conferences and events on the wiki
  • Dina: draft usage guide content in relation to her questions for review in 2 weeks
  • BobG and BobR: to contribute to Usage Guide in relation to locking attributes to prevent modification.
  • Dina: bring forward list of items.
  • Chris: build errata list to note 12 against CKA_COPYABLE and 11 against CKA_DESTROYABLE.
  • Chris: post the current header files into the document folder for review for 2.40.
  • Dina: post the errata header files into the document folder for review for 2.40.
  • MarkJ: Offered to assist in testing that the errata header file
  • Dina: provide the working draft which is a continuation of Stef’s contribution and Oscar’s work.
  • Valerie: take a first stab at a proposal to an expanded set of error codes and a method of signalling disable by policy.
  • BobG: add matching text to usage guide
  • BobG: provide a proposal at the meeting on the 29th regarding an interop subcommittee
  • BobR: look at how far https://tools.ietf.org/html/draft-mcgrew-hash-sigs-02 is away from being implementable.
  • BobG: arrange a face to face meeting in September and invite Burt K and Dave McG to discuss how PKCS11 and vendors supporting it can ensure alignment with the hash-based signing etc.
  • BobG: circulate the relevant links and to check with Bert about releasing some of the relevant slides.
  • BobR: come back with the last piece of work from Wan-Teh's proposal
  • Dieter: create 3.0 suggestion document, move 2.40 suggestions over into new 3.0 suggestion document. (not started, yet) (09042014.01)
  • Tony: Move all action items into JIRA
  • GrahamS: Develop proposal on secure key import and bring it forward to the group.
  • MarkP: To bring forward an AES-XTS proposal

Minutes Review

  • Minutes for today's meeting were reviewed, updated and agreed/accepted. Tim moves, BobR seconds, no objections, abstentions or comments.

Motion to Adjourn

  • Tim moved, BobR seconded. No objections or abstentions or discussions. Adjourned 15:59PM US-PST.