11 April 2018 - Face 2 Face at Red Hat Sunnyvale, CA
Roll call (Tony) - Quorum achieved (9:00AM PT)
8:30 - 9:00 - Arrive & Setup
- 9:00 - 9:15 - Welcome, Housekeeping, Rollcall, Agenda
- 9:15 - 9:30 - PKCS#11 Interop 2018 overview
- 9:30 - 10:00 - PKCS#11 Interop 2019 planning
- 10:00 - 10:15 - Morning break
- 10:15 - 11:15 - PKCS#11 testing strategies (Anthony Berglas)
- 11:15 - 11:30 - V-Next Editor
- 11:30 - 11:45 - V3.0 remaining ballots
- 11:45 - 12:15 - Planning to wrap up v3.0
- 12:15 - 13:30 - Lunch break
- 13:30 - 14:00 - CKD_NULL with CKM_ECDH
- 14:00 - 14:15 - Webinar planning
- 14:15 - 15:15 - FIPS validation approach
- 15:15 - 15:30 - Afternoon break
- 15:30 - 15:45 - Correspondence
- 15:45 - 16:05 - Missing functionaliyty for KMIP
- 16:05 - 16:15 - Other language bindings
- 16:15 - 16:30 - PKCS#11 V-Next
- 16:30 - Adjourn
Tim moves, Gerry seconds to accept agenda, no abstentions, objections or comments. Agenda approved.
TIm moves, Gerry seconds to accept minutes from 4 April 2018, no abstentions, objections or comments. Minutes approved.
PKCS#11 Interop 2018 overview
- Doing a showcase this year, not a full or true interop. Tony noted that last year was an interop, Tim and Valerie corrected it was also a showcase.
There will be a presentation rolling in the booth - Tony walked through the deck, cribbed from Valerie's ICMC 2017 deck - of course with showcase specific details as well as how the TC works.
- There will be vendor sites as well. There is a presentation spot, and they will need to embed these slides.
- There is a slot for just PKCS#11, Tim asked about the content, Tony is still working on them. Tony is encouraging people to join him.
- Tony will find a picture of the booth to share with the group.
- Tony found the pictures, Tim noted there are still planned changes.
PKCS#11 Interop 2019 planning
- RSA is changing how signups happen, so they need to know going into this year (next week) how we want to do this.
- Tony: Do we want to do an interop, showcase, mixed pods or even our own booth?
- Cost? $9.500 (approx) for a pod.
- Do we want to participate as a TC in RSA 2019?
- Tim: There is only one vendor that is only doing PKCS#11 in 2018 (Utimaco)
- Bob: it's about vendor support
- In 2014, vendors had to have 2 pods (1 for PKCS#11 and one for KMIP) (Valerie doesn't remember it like that, but she only was showing PKCS#11).
- John L: If we had to pay for 2 pods, we would drop PKCS#11
- Tim: We don't have a critical set of major PKCS#11 vendors this year. No HSMs were participating, no OS vendors
- Dieter: cannot confirm if they can participate or not for next year.
- Not hearing support in the room for RSA2019?
- QLabs is interested in participating, if it does not cost extra
- Fornetix is in a similar situation, but would like to see a few more vendors.
- Darren is trying to figure this out for his company, not sure who in his side can approve that money. Tony will point to who to tap on this
- Dieter; our participation is independent of others, just trying to find budget.
- People are interested, if there is something to participate in.
- Valerie noted that there are folks that don't know our work continues after moving out of RSA's standards body, and this is a good opportunity to showcase our work and where we are. this is a good opportunity to share what we do and make it known we are active.
- If we want to participate, we have to have a motion. anyone willing to step up? RSA now has to vet participants, and OASIS needs to know ASAP who will participate.(and will need commitment financially).
- We might still be able to have some PKCS#11 signage for KMIP vendors, leveraging our formal liason (Tim).
- Gerry: could we do an interop that is not with RSA? Tim: as long as we call it a plug fest. Tony : it can be an interop, it's tied to who can participate. if it's all TC members, it can be called plugfest. There may be a cheaper venue that is more suitable.
- Bob: Maybe ICMC 2019? It's more targeted to people who care about PKCS#11
- Valerie: would we get support from OASIS to organize this? Tony: Maybe, they are sponsors of ICMC
Tim moves to have co-chairs approach ICMC organizers about the logistics of a PKCS#11 interop at ICMC 2019. Gerry seconded. No objections, abstentions or comments. motion approved.
Tim moves that the co-chairs notify OASIS that we have insufficient interest to commit to an interop at RSA2019 at this time. Dieter seconded. No objections, abstentions or comments. motion approved.
PKCS#11 Testing Strategy - Anthony Berglas
- Data driven testing, using XML to describe test cases.
- Would need a program to parse the XML and call the API. could use different language bindings.
- Trying to make a language to describe
Some attributes would be in & out.
- Regular naming in PKCS#11 makes this easier.
- Every vendor has their own testing strategy, it would be good to have it be standardized.
- Tim: can describe communication between consumer and provider. (based on Valerie's question).
- nobody has produced a public and generic test suite, Red Hat's is closest, but still very tuned to their implementation
- ideally, test ones that are borderline misbehaving (Bob)
- Can make assertions on what the output should be.
- Tim: would this be appropriate as an official standards document?
- JohnL: Maybe a committee note
- Bob: would be useful for common understanding to have something official
- General support to turn this into a document from those in the room. Would want a co-editor for the document, from another vendor, to broaden support.
- THis could be the basis for a interop.
Example FindObjects - may not work on Java (2 objects with same name)
- Bob: make sure order doesn't matter. (discussion on whether keys have to be unique per spec - or if it's just a really good idea....) (part of this is why we now have unique id)
- current goal is not to be exhaustive, testing the use of the API. First pass will be simple.
- should be "obvious" w/out reading a manual.
- make the API more accessible to users, by showing examples
- Bob has a parser that reads "test files" and generates the PKCS#11 code necessary to do the testing. He'll share the script and program with Tony. Bob did a walk through. It's on the mozilla repo.
- Valerie asked about open sourcing - could we share work? Bob - a sample implementation would be good. Definitely the spec will be open.
- Action Item: add to regular agenda, Bob and Anthony to continue discussions, determine if/when to make a new PK11 document, etc.
- Chis is not here, and hasn't signaled if he is interested or not in the next version.Unfortunately, he is not here today.
- Valerie thought there was a co-editor for 3.0, but no evidence of that. Sue Gleason was interested, but has limited time to help.
- Tony would consider being a co-editor for the document, given good diffs in proposals.
- Valerie noted we discussed last year coming up with a format for proposals, to make it easier for the editors. We cannot guarantee the person who submitted the proposal will be in TC to review.
- Dieter: could we start with an ascii document? and turn it into word document.
- Tony: we need to use OASIS document format, not sure I'd know how to make that work
- Tim: in KMIP we submit word change documents before ballot.
Tim moves to have Tony Cox as co-editor for V-Next PKCS#11 for Spec, Current mechanisms, historical mechanisms. Greg seconded. Comments: Good luck. No other comments, objections or abstentions. Motion carried.
Tim moves to have Dieter Bong as co-editor for V-Next PKCS#11 for Spec, Current mechanisms, historical mechanisms. Greg seconded. No abstentions, objections or comments. Motion carried.
Planning to wrap up v3.0
- Tim: many things are missing from 3.0 that we had approved, mentions 2.41, said noted in prior meetings. Doesn't think people have reviewed documents.
- Valerie: I disagree, people have provided feedback on the documents.
- Dieter: because there is no change tracking, it was hard to review the entire document. We reviewed only sections relevant to our proposals.
- Tim: Said he brought up in the meeting the need for change tracking and the "missing things" but it was not minuted, because Valerie does not minute things that only one person brings up (Valerie disagrees, she tries to capture all discussion points).
- Tim: Chris claimed in meetings that the document is fine, that Chris is only waiting for new proposals to be balloted. Valerie disagrees.
- Valerie notes that more items have been added to the 3.0WorkItems wiki since Chris's first draft. Bob agrees - he went and double checked against
- Dieter: comments provided in January, but the updates haven't been uploaded. (every one is in agreement on this)
- Tim: I've brought this up in multiple meetings. Valerie does not recall this, and doesn't believe it was in minutes.
- Tim: 3.0 document shows references to 2.41, indicating we may have started in the wrong version (2.41 never existed as a formal spec, we went the errata route instead)
- TIm: we are missing the new functions. Valerie: in the headers? That's being tracked. TIm: Full stop. Valerie: it's being tracked.
- Tim: We need change bar diffs from V2.40 Errata. Anthony: there is a diff tool in word. Tony: yes, Chris could use that as a starting point.
- TC needs diffed marked documents to review.
- tony: no more new proposals at this time.
Gerry moves to approve Bob R's changes to the header files to normalize all of the identifiers for v3.0 as per Bob's 2 emails titled Identifier Review. John L seconded. No abstentions, objections or comments. Motion carried.
- Tony: right now, Tony, Bob and Chris have write access to the header files. If anyone else needs it, we can discuss in TC meeting.
- Bob: what about missing function table list from header files. should I fix?
Gerry moves that the co-chairs update the header files to include missing function entries, and request the diffs be shared with TC. Seconded from Tim. No abstentions, objections or comments. Motion carried.
- Bob: Profiles document is missing provisioning changes. It's on the wiki, but not clear it impacts two documents. Tim missed it, did not realize profiles needed to be updated. Tim will update and send out for review and use change diffs.
- Tony: Will take the action item to request Chris to provide change bars against 2.40 Eratta 1 and the current version for the mechanism and the spec. Reviewers otherwise are struggling to complete review of full document. do we want to set timelines? TC would like to see timelines. Tony proposes to request Chris integrate final proposals, the missing items (that are now on the wiki) , and function identifiers in the base spec and current mechanism documents by first PKCS#11 post ICMC.
Valerie's request to TC: if you know anything is definitely missing, please note on the reflector and on the 3.0WorkItems wiki.
V3.0 remaining ballots
- If you haven't voted, yet, please go do so!
- Darren voted on 2 but not both.
- On track to pass, unless people change their votes.
CKD_NULL with CKM_ECDH - Bob
Nathan McCullough and Bob have patent for protocol for handling harddrive deprecation securely. THere is a key that is unique to your harddrive and requires a server on your site to be able to use this. The server does not have full key, but you can't get the key w/out the server. protocol requires EC operations. tried to do with ECDH and CKD_NULL, but ran into problems taht not everyone returns the same value with CKD_NULL and not everybody implemented it. Wants a new mechanism for getting the X and the Y - or maybe just the X.
- Why hasn't anyone implemented CKD_NULL? In the pk11 spec, it points to X9.63. Some people pad the X value out to get the field size, but some people don't. It's not always pre-padded.
Spec seems to say we're doing a derive key w/out any derive. ? Tim - this sentence does not make sense. Bob - pretty sure those words are wrong. Darren - there is more clarity in some cases. Bob - is the value X or X & Y? Is it padded out or not? Darren - may mean this is undefined behaviour. Darren - thought there was a proposal to pull all of the KDFs into one place? this may have been a review comment.
- Tim: this seems strange to do something that is not derive that is called derive. Bob had some ideas here. Tim thinks we've shoved something in the wrong place.
- Darren - CKD_NULL is assigned to a KDF variable in the function, a shared secret value. should be pretty clear what it is. doing null means don't do that key derivation on the shared secret, just return the secret.
- TIm: it could be clearer. we are trying to say what not to do from the X9.63.
- AI: BOb will use old draft of X9.63 to clarify this for 3.0 (Sections 2.3.8 and 2.3.9 - EC Mechanism parameters)
- Future work may include cleaning up documents for KDF.
- We've only done 1 or 2 webinars (Bob G and Valerie), which leads lack of awareness about what we are doing.
- Do we see value? timeframe? approach?
- Valerie recommended doing it for 3.0
- Tim noted we should do it for V.Next (which needs a name).
Tim moves that the co-chairs should put together a webinar to publicize 3.0 in the next 6 months. Gerry seconded. No abstentions, objections or comments. Motion carried.
This should be added to ongoing agenda to track. Pick up a regular cadence of webinars
FIPS validation approach
- Tim: it would be nice to share approaches - is PKCS#11 a workable boundary?
- Valerie talked about this at ICMC, the biggest issue was AES GCM IV generation - that should be addressed in 3.0 (Bob)
- Bob will be talking to Apostol about Automatic CAVP/CMVP program. Porotype uses OpenSSL, Bob has updated for Red Hat's usage and made it very PKCS#11 as possible. You can't do DRBG through PKCS#11 interface.
- Bob should note where he had to do PKCS#11 workarounds (ie call private NSS entry points, like for DRBG), and we can use that to improve testing in the future.
- Valerie: how do they handle special cases, like RSA with a known random? not sure. May be changing the tests.
- AI: V.Next: Bob to share whar he learns with the ACAVP for FIPS and TC considers adding new entry points (general or FIPS specific) for testing.
- Has had to use some vendor mechanisms, will let us know how many in the end - they are things nobody uses, but we may want to consider for testing.
see bob's repo: https://github.com/cisco/libacvp/tree/redhat_v0.3
- There is module testing, but there will be very little to share with other vendors. Could share just the plumbing, maybe toolkit for debugging.
Tony & Bob will talk to NIST at ICMC, regarding letter.
- Tony has no updates on other emails to the comments list.
Missing functionality for KMIP
- Tim: (slides uploaded) showing difficult to handle differences in four areas: object identification, object relationships, attributes and searching.
Object identification. CKA_UNIQUE_ID new for 3.0, but CKA_ID and CKA_LABEL are still abused. Will the 3.0 addition help? lots of vendors using vendor specific labels - right now an application devloper cannot rely on them. in PKCS#11 you can have 2 objects with same label - legal per the spec, but rejected by some implementations (Java). We may need CKA_UNIQUE_NAME?
Object Relationships: Links - given a relationship, can change behaviours. KMIP has the links noted in Tim's deck, PKCS#11 does not. Bob: we need to be able to link certs and keys in an interoperable way. gets tricky during provisioning. These would be object attributes. PKCS#11 is missing the concept. BOb has an approach he used for NSS, we could formalize that, or add the links. (everybody that works with firefox or Red Hat servers is already doing this)
- could just be more attributes needed here
Object Attributes: in P11 can get attributes we name, but not all that are available. you can do that in KMIP. So, you can see what is set, but not what is allowed to be set. Tim would like to see this driven by a vendor that has extensions to handle this, to make sure we don't miss anything. Tim will work with someone, but doesn't want to work in a bubble and not get any buy-in from HSM vendor (back to making sure it's the right thing, usable, etc)
- Bob notes it's hard to see what curves people support (w/out trial and error). this would be really useful to know, not guess.
- Tim - is there interest in doing this?(sounds like yes, but nobody specifically signed up to help)
Object Searching: nobody really wants a million objects. you are more likely to be dealing with the new stuff, not the old stuff. KMIP has locate where you can ask for specific number of objects, maximum number - "all objects modified in this time period" (etc). Bob - not sure we need this in NSS.
- Tim: either add new functions to do this, or expand current ones. leaning towards new functions. general interest in improving searching.
- Tim: could track these as 'investigate' in v.next
Other language bindings - Tim
- Tim: take a look at these bindings, and see if people using/developing these bindings would be interested in joining the TC. Tony suggests doing this after we get our webinar out (or as part of that effort)
- Anthony: will tidy up the wikipedia entries here, and share list of other language bindings.
- What do we call it? 3.01, 3.10, or 4.0?
- Bob: everyone wants a .1 release. Also with function tables, we don't need a big jump.
- Valerie: major numbers should be warranted, and we don't have the content to justify it. It's also scary to the public.
- Tony: we could wait until we know what's in there.
- Tim: in KMIP we made mistake of calling 1.2 1.2 - should've been 2.0 (due to the number of changes).
- Bob: we could change the name later, once we understand what we're going in.
- Tim: are we just doing mechanisms? then 3.10 - if we're fixing functionality, go with a bigger number.
- Valerie: TC had previously discussed doing committee notes for new mechanisms. Tony: That was due to OASIS process that has changed.
- Tim: We decide what the next version is after we close off 3.0.
- Tony: we should look at our future work, in 2 places right now. (bottom of 3.0 work items and Future Work page, Tim cleaned up during meeting).
- General consensus is to look at this list to consider for v.next.
- Tim/Tony: could bring up in webinar to call for additional ideas.
Set next meeting date
- May 2, 2018, usual time.
Tony moves to thank Bob for hosting and the great refreshments! Seconded by Greg. no objections abstentions or comments. motion approved.
TIm moves to adjourn, Gerry seconded. No objections, abstentions or comments. Meeting adjourned at 4:31PM PT.