IEEE P1735 Working Group Meeting of September 10, 2008

Meeting Info

Conference Bridge and Webex

Participants

  • Attending
    • Steven Dovich, Cadence
    • Ruchi Tyagi, Cadence
    • Nitin Khurana, Cadence
    • Dave Clemans, Synopsys
    • William A Hanna, Boeing
    • Nick Sgoupis, CAST
    • Dave Graubart, Synopsys
    • Michael Smith, Synopsys
    • John Shields, Mentor
    • Parminder Gill, Synopsys

  • Not Attending
    • Meera Srinivasan, Synopsys
    • Syed Huq, Cisco
    • Jim Robinson, Synopsys
    • NSS Subramanian, Cadence
    • David Tran, Synopsys
    • Gary Delp, LSI

Agenda

  1. Determine Quorum
  2. Patent slides
  3. Approve agenda
  4. Approval of Meeting minutes from 9/3/2008
  5. Action Items Status
  6. Liaison Reports
  7. Key Management Issues
  8. License Management
  9. Other Business
  10. Adjourn

Minutes

Attendance/Quorum

We have 3/4 eligible entities, and have a working quorum.

Patent Policy

The Patent slides were offered for review.

No new claims were disclosed at the call for essential patent claims.

Agenda Approval

Motion by Michael, seconded by Nitin. Motion is approved.

Previous Minutes

Dave G moved and Bill seconded the approval of the September 3, 2008 minutes. The motion was approved.

Action Item Review

Steven reviewed the open action items.

Liaison Reports

Initialization Vector changes are integrated into draft 7 of Verilog.

Key Management Issues

Nitin's research uncovered key strength as the customary driver for validity periods. John observed that in our context, limiting the amount of protected IP is a more significant driver. Nick asked what the response should be when the certificate has expired. John noted that warning the user was a common response, but that this is a tool decision, though we could make recommendations here. The interaction with licensing agreements (contracts) is of concern too. An open question: Is an indefinite validity period possible? A common expectation is that the protection period is indefinite and the usage term is governed by external license management.

Perhaps a recommendation for tool failure on encryption with an expired certificate, but only a warning when decrypting with an expired certificate. The tool vendor owns the public key and has a vested interest in governing the use of that key since it is linked with their tools. The IP author is more likely to use licensing as a controlling mechanism for their IP, and the IP user is more likely to be injured through more aggressive failure semantics over expired keys.

Michael noted that NIST Pub. 800-57 has recommendations on Crypto-Periods (key validity lifetimes, etc.). Understanding those recommendations should be a priority for us. Nitin emphasized that his research linked key strength as a factor in the validity period. This may suggest that tool vendors need to vary the key strength as they choose a certificate lifetime. John wants to better understand Nitin's research, and an e-mail discussion seems like a good option since Nitin's phone line was a problem in this meeting.

Nitin's email also included a set of signing algorithms used in X.509 certificates. John asked about the non-overlap of the algorithms with the set we currently recommend. Steven pointed out that the data domains were different. John clarified that the common availability of each of these algorithms is a concern and we should understand that as part of the recommendation. More investigation is needed to get a good handle on these issues.

  • Action 000042 (Nitin Khurana; created 2008-09-10, closed 2008-10-08): Are all of the X.509 algorithms implemented by open-source software (such as OpenSSL)?

Michael asked if export liabilities existed for certificates. Steven recalled identity protection as one of the exceptions to export controls, though that needs to be verified.

  • Action 000043 (Steven Dovich; created 2008-09-10, closed 2008-10-29): Ask Larry Disenhof about the status of export controls on encryption for identity protection (X.509 certificates). Larry reported that this is not presently an issue, nor does he see it becoming one in the future.

License Management

Discussion was deferred until next week.

Other Business

Adjournment

Motion by John, seconded by Dave C. Approved by acclamation at 1:08 pm CDT.

Approval

These minutes were approved at the September 17, 2008 meeting.

-- StevenDovich - 17 Sep 2008

Topic revision: r4 - 2008-10-29 - 15:04:56 - StevenDovich
 