[Sea-sec] Responses to Conditional Approvals of Security WG Documents
Howard.Weiss at parsons.com
Mon Jul 9 17:18:41 UTC 2018
Two of our documents (Security Glossary and Algorithm Pink Sheets) have recently completed CESG polling. The intent of the poll was to enable the documents release for Agency Review.
Both documents received "Approve with Conditions" from the MOIMS AD and D/AD.
For the Security Glossary, the "condition" received was:
Mario Merri (Approve with Conditions): Since this book it is merely
a glossary of terms, it is not clear to me why it has not been taken
this opportunity to silverise the original GB and put the terms in
For the Algorithms Pink Sheets (where the only changes were the increased key sizes) the condition received was:
Mario Merri (Approve with Conditions): The main change is the
strenghen of the authenticaltion keys. These have been increased,
thus making implementations that followed the previous CCSDS
recommentation not-compliant. Why has the document update not been
made in a backward-compatible manner, still strongly recommending
the new key lengths?
For the glossary, I would like to respond with the following:
* All terms in the SANA Glossary are defined in CCSDS documents; the definitions in those documents are the source of the SANA Glossary,
* The update to the Security Glossary is an actual update to the glossary; even if it were someday decided to retire the Security Glossary in favor of a SANA-only glossary, the update would still have to happen first,
* The change in document color is happening in conjunction with the update, but it is not what the CESG is being asked to approve (the CMC already approved the change in color),
* Therefore, the condition is actually not a condition that applies to the document update and should be withdrawn.
For the Algorithms pink sheets, I would like to respond with the following:
* The increased key sizes will be made a "shall" for future missions. The smaller key sizes will remain in the document for backward compatibility as "may" specifications for use in older missions although we will include a note discouraging the use of the smaller key sizes as being potentially vulnerable to attack.
Comments? Changes? Other final suggestions? Please respond quickly so we can expedite getting the documents into Agency review so we will receive RIDs in time to review at the Fall meetings.
Howard Weiss, CISSP
7110 Samuel Morse Drive
Columbia, MD 21046
howard.weiss at parsons.com
Please consider the environment before printing this message
NOTICE: This email message and all attachments transmitted with it may contain privileged and confidential information, and information that is protected by, and proprietary to, Parsons Corporation, and is intended solely for the use of the addressee for the specific purpose set forth in this communication. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited, and you should delete this message and all copies and backups thereof. The recipient may not further distribute or use any of the information contained herein without the express written authorization of the sender. If you have received this message in error, or if you have any questions regarding the use of the proprietary information contained therein, please contact the sender of this message immediately, and the sender will provide you with further instructions.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the SEA-SEC