On 24/02/17 18:34, Gervase Markham via Public wrote:
Hi Philip,
This is a useful timeline. It may be missing a few items, though:
On 24/02/17 09:58, philliph--- via Public wrote:
The availability of HSMs is a concern but it is actually the very last
but one on the critical path which is at present
* NIST issues FIPS (done)
* IETF publishes specification (started on this)
* CABForum amends guidelines to permit use
* OS vendors and crypto libraries add support
* Browsers add support
* HSM vendors ship product
* CAs issue certificates.
There is also another item: "Root store policies amended to permit use".
However, where that goes and where the CAB Forum item goes is flexible;
both have to happen before "CAs issue certificates" but they don't
necessarily have to happen earlier than that. Having said that, I can
see a case for a CAB Forum "motion of intent" to set direction. What
algorithms other than SHA-3 would we want to include in such a motion?
My current wishlist:
Various EdDSA algorithms. See RFC8032 and
https://datatracker.ietf.org/doc/draft-ietf-curdle-pkix/
BLAKE2. See RFC7693. (No signature algorithm OIDs exist yet, AFAICT).
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
