|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
X-Original-To: cryptography@metzdowd.com X-Original-To: cryptography@metzdowd.com Date: Fri, 22 Jul 2005 12:00:47 -0600 From: Anne & Lynn Wheeler <lynn@garlic.com> To: "nap.van.zuuren@pandora.be" <nap.van.zuuren@pandora.be> Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com> In-Reply-To: <01C58EF0.69BB3960.nap.van.zuuren@pandora.be> Nap van Zuuren wrote: > Might be a nice (intellectual) crypto-exercise, but I am afraid that the > concept of the Qualified Signature will not get a widespread > implementation, expect for very specific areas/disciplines. > > The main problem with the Qualified Certificate (overhere in Europe) is the > fact that the creating components have to obtain - as a minimum - Common > Criteria EAL4 ( Evaluated -Security- Assurance Level ) qualification; and > the lack of "card-readers" on User equipment. i ran into an interesting problem with EAL5-high. basically there weren't any readily available crypto specification for getting higher than an EAL4 certification. most vendors that get higher than an EAL4 certification ... seem to get it on a bare-bones chip before any applications are added ... and then subsequently add applications (the fact that applications can be added might be a security issue in itself). i've found it quite difficult to figure out how to get a certification for higher than EAL4 when there are any significant application already existing on the chip ... especially for crypto; basically as the certification goes higher you need a much more formal specification for the components to certify against .... and i've found it difficult to find such formal specification for crypto operation. things like fips140-2 level 4 tends to be on the operation of the crypto box against certifiable hardware operational characteristcs. i've periodically posted requests in the past about anybody knowing of a source for EAL5 or higher standards for crypto that can be certified against. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |