TLS should only use the NIST-Recommended elliptic curves in the FIPS mode

NEW
Unassigned

Status

NSS
Libraries
P3
enhancement
12 years ago
4 years ago

People

(Reporter: Wan-Teh Chang, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

12 years ago
NSS implements all the NIST-Recommended elliptic curves
in FIPS 186-2 and many non-NIST-Recommended curves.

In the FIPS mode of operation, our SSL library should
only use the NIST-Recommended curves for TLS.

Note that NIST actually allows the use of non-NIST-Recommended
curves in the FIPS mode provided that they are listed in
the FIPS validated crypto module's Security Policy.  See
FIPS 140-2 Implementation Guide 1.6 "Use of Non-NIST-Recommended
Asymmetric Key Sizes and Elliptic Curves":

  The [Cryptographid Module Validation Program] allows the use of
  non-NIST-Recommended DSA and RSA key sizes and ECDSA curves in a
  FIPS Approved mode of operation providing:
  - an algorithm implementation must have been tested and validated
    for at least one NIST-Recommended key size (DSA and RSA) and
    one NIST-Recommended curve (ECDSA) as applicable,
  - the security policy must list all non-NIST-Recommended key sizes
    and curves that are implemented, and
  - the algorithm implementation MUST use an Approved message digest
    algorithm.
Priority: -- → P3

Updated

9 years ago
Blocks: 459298

Updated

9 years ago
No longer blocks: 459298

Updated

4 years ago
Blocks: 942585
You need to log in before you can comment on or make changes to this bug.