At 4:59 PM -0700 9/23/08, Nelson B Bolyard wrote: >In finality, you have to pick a table from someone you believe has done a >really good job of analyzing it.
Right. >Given that NIST's tables are the basis >for the US Government's protection of its own secrets, which it guards >jealously, I'm inclined to accept them as adequately conservative. :) This may seem nitpicky, but... NIST's tables are for "Federal Government unclassified applications" (see the table intro on page 65). NIST does not set the rules for US Govt secrets; the NSA does. See <http://www.nsa.gov/ia/industry/crypto_suite_b.cfm>. The NSA's requirements for secret and top secret are quite different than what you see in SP 800-56 part 1. Apropos to this thread, RSA signing is not allowed for certificates on secret or top secret material, only ECDSA is. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
