Wow, what an important point, Lev. Could you provide a brief list of features present in our APIs and missing elsewhere?
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Novikov, Lev Sent: Wednesday, May 18, 2011 5:07 AM To: CICM Discussion List Subject: Re: [cicm] BoF Request for CICM at IETF 81 On 2011-05-16 at 21:11, Dennis Bourget wrote: > Again, I may be picking nits, but I still don't believe that the API > offers any security domain separation. > I would just delete "and thus offers". On 2011-05-16 at 23:36, John Davidson wrote: > Dennis wrote: ...I still don't believe that the API offers any security > domain separation. I wish I had written that! Policy enforcement is not an > API's thing, IMHO. On 2011-05-17 at 13:31, Kevin Wall wrote: > And while we're picking nits, should read "vendor NEUTRAL", not > "vendor agnostic"...unless you believe that nothing can be known / proven > wrt the existance of vendors. ;-) Good points all. Updated. http://code.google.com/p/ietf-cicm/wiki/WGCharter The Common Interface to Cryptographic Modules (CICM) defines an application programming interface for the security services provided by cryptographic modules developed by multiple vendors. The API is intended to support high assurance cryptography, security domain separation, and enhanced module, key, and channel management capabilities that are vendor neutral. On 2011-05-17 at 10:28, John Davidson wrote: > This may be a case for just leaving out the "high assurance" (HA) part. > [...] > Isn't our API more about being generic and allowing the user to make design > choices between best effort and rigorous HA? The reason we're referring to high assurance is because it is an important differentiating factor between CICM and current commercial crypto APIs (e.g., PKCS#11). CICM allows users to make a design choice that is not available in other APIs-- a point that we need to stress to create this Working Group. Otherwise, we are just a very large, generic API (and the IETF already has GSS-API: Generic Security Services API). Thank you all for your feedback. Any other points we should clarify? We'll be asking the Security Area Directors for permission to hold the BoF next week (Friday), so let's make sure the charter is ironed out before then. Thanks, Lev _______________________________________________ cicm mailing list [email protected] https://www.ietf.org/mailman/listinfo/cicm _______________________________________________ cicm mailing list [email protected] https://www.ietf.org/mailman/listinfo/cicm
