Vote Details
Ballot: Approve ck-ecdh2-derive-params for inclusion in PKCS#11 v3.0
Company: SafeNet, Inc.
Vote: No
Comment: Sorry for the long comment, but I can only make one comment per ballot.
I also support Bob's comment. It may be easier moving forward if we updated the test for all the ECDH mechanisms so that they read "if the derivation function is CKD_NULL, else...". That way we do not need to update the list of KDFs if/when additional ones are added.
The proposal states that CK_ECDH2_DERIVE_PARAMS provides the parameters to CKM_ECMQV_DERIVE. Was that intentional? CKM_ECMQV_DERIVE already has a parameter CK_ECMQV_DERIVE_PARAMS and references X9.63 as the algorithm used. I expected to see the text for CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE updated to account for CK_ECDH2_DERIVE_PARAMS, or additional mechanisms (for example, CKM_ECDH2_DERIVE and CKM_ECDH2_COFACTOR_DERIVE) created that used CK_ECDH2_DERIVE_PARAMS. And I think we need to call out a standard that defines how to use the two key pairs, either SP800-56Ar1 or some other standard that defines 2-key ECDH.