On Fri, Feb 24, 2017 at 9:58 AM, [email protected] <[email protected]> wrote:
> > Well as it happens, that is not a problem. > > * There is a set of FIPS requirements and testing regimes etc. for SHA-3 > * There are HSMs that have met those requirements. > > What is a concern related to HSMs is that the transition is widely > supported so CAs do not have to make major changes to their infrastructure > or change suppliers or use different hardware for SHA-3 certificates. > > The availability of HSMs is a concern but it is actually the very last but > one on the critical path which is at present > > * NIST issues FIPS (done) > * IETF publishes specification (started on this) > * CABForum amends guidelines to permit use > * Browsers add support > * HSM vendors ship product > * CAs issue certificates. > As indicated before, I believe you have critically misordered these requirements, which may be the source of our disagreement. I do not expect you to agree, but I hope you can understand why, from my perspective, the order is: * NIST issues FIPS (done) * IETF publishes specification (started on this) * HSM vendors ship product * CABForum amends guidelines to permit use * Browsers add support * CAs issue certificates. That is, I see the HSM discussion happening in parallel to permitting, but I see both as blocking for browsers adding support. > The issue is irrelevant. > We will disagree, then, and given the remainder of the mail, it's perhaps best that you and I stop talking about this, as we recognize our disagreement.
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
