Appendix Crypto - Allowed mechanisms and requirement levels #2398
Comments
|
In all honesty, I don't see us needing any levels here. It should apply to all no? |
tghosth
added
1) Discussion ongoing
Yes possibly. Removing the levels here might be an option. Would it make sense to have stricter requirements in this regard for L1 applications than for L3/financial/healthcare ones? In the sense, that if you already use some somewhat sub-par cipher/MAC/signature for L1 applications, it might be OK for now but you should really use something better for L3. For example, the appendix currently says: that EdDSA (Ed25519, Ed448) is allowed. On the other hand, FAPI 2.0 says "EdDSA (using the Ed25519 variant)". Should the appendix align with FAPI 2.0 in this regard? Only for L3? So there are two options:
|
|
A more useful classification (instead of L1/L2/L3) would be something like : approved / disallowed / legacy. For example, HMAC-SHA-1 could be marked as legacy (i.e. maybe it's not that bad if you use if for legacy/compatibility and you have a plan to move away from it but it may not be a great idea to use it in new deployments). This is probably better (@danielcuthbert ?) than what we have currently. See #2399 |
|
Note: some notable impact which may not be immediately apparent, is the use of HMAC-SHA-1 as the default mechanism for HOTP and TOTP. This is currently used in many/most recent TOTP I've been using. |
Currently the crypto appendix as table as follow:
The relation between the check marks and the levels does not make much sense. Why would AES-256 be OK for L2 and L3 but nor for L1? To make sense, it would have to be the other way around:
All these should be adjusted, I think.
The text was updated successfully, but these errors were encountered: