Description:
DRAFT AGENDA - Send Bob R and Valerie additional topics (including time needed)
all times PT
8:30AM->9:00AM Arrive, check in on site
9:00AM -> 9:15AM Introductions
9:15AM->9:30AM Burt Kaliski, PKCS 25th Anniversary
9:30->9:45AM Update on PKCS#11 2.40 Errata, next steps
9:45->10AM Break
10AM Update from KMIP liaison
10:15-> 11:30AM PKCS#11 2.41
- New algorithms: SHA3, ChaCha, Poly
- AES GCM IV - Can we abuse the parameter field?
- NIST Key derivation function
- Error code improvements (from Darren M)
- EncryptCancel(), DigestCancel() ... which stop the operation and clean up the context. Currently we have to simulate this with some kind of failure.
- Extending C_GenerateRandom to specify RNG quality
- Adding C_RenameToken, C_ChangeLabel, and/or C_ClearToken
- CKA_UUID (or similar unique identifier attribute for objects). Right now, PKCS#11 objects can be hard to map into other protocols/keystore/databases (esp. KMIP) because there is no standard way to associate anything resembling a unique primary key with objects.
- Others?
11:30 -> 11:45 Letter to CMVP/NIST
11:45->1PM Lunch
1PM -> 1:30PM Graham S.: Associating Attributes to Wrapped Keys
1:30PM -> 2:30 Bob R.: AEAD (Wan-Teh's 3.0 work)
2:30 -> 2:45 PM Break
2:45 -> 3:00 Interop update
Motion to participate in 2017 Interop at RSA Feb 2017.
3:00 -> 4:30 PKCS#11 3.00 topics (please let Valerie/Bob know)
- Application/library context - C_Initialize returns a context, and C_Finalize cleans up only the sessions, objects and other state related to that context, or the whole library if no context is passed. Currently we cannot call C_Finalize in shared libraries (may just be an OS issue).
- Adding multiple user support to C_Login to also take a user name
- and call back mechanism
- Forking: Remove fork behaviour from standard, perfectly acceptable to work in the child.
- Map KMIP attributes to PKCS#11 object lifecycle attributes and enforcement. This includes new (different) error codes for attempts to use objects before/after it's valid to use them for the desired purpose. (example: should C_Encrypt() fail if the key passed is beyond its Protect Stop Date?)
4:30 -> 5:00 Set next meeting date, adjourn
==========
Agenda:
==========
Minutes:
==========
Attendance:
Meeting Statistics
Quorum rule: 51% of voting members
Achieved quorum: yes
Individual Attendance: Contributing Members: 15 of 57 (26%); Voting Members: 9 of 13 (69%) (used for quorum calculation)
Company Attendance: Contributing Companies: 9 of 22 (40%); Voting Companies: 4 of 4 (100%)