Joe St Sauver wrote:
Hi,
Those who are interested in key management may wish to note:
Cryptographic Key Management Workshop 2014
http://www.nist.gov/itl/csd/ct/ckm_workshop2014.cfm
March 4-5, 2014, NIST, Gaithersburg MD
See also:
SP 800-152
DRAFT A Profile for U. S. Federal Cryptographic Key Management Systems (CKMS)
http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-152
Released 7 Jan 2014, comments due by March 5, 2014
Don't forget to look at SP 800-130 in parallel.
"A Framework for Designing Cryptographic Key Management Systems"
Overall, an endless list of requirements that may be useful as a barrier
to entry in the US Federal Government IT security market.
Not necessarily a bad checklist; I could not identify any specific
innovation-suppressor element (over the ones already present in the NIST
mandatory techniques) after a quick glimpse at a few document sections.
The crazy things in Canada is that NIST mandatory techniques are merely
"recommended" in the Canadian Federal Government. So the official crypto
policy is the NIST one but departments and government agencies have no
incentive to ever procure NIST-approved solutions: they have much more
freedom when doing otherwise.
Have fun with key management challenges!
--
- Thierry Moreau
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography