IEEE P1735 Working Group Meeting of September 10, 2008
Meeting Info
Conference Bridge and Webex
Participants
- Attending
  - Steven Dovich, Cadence
  - Ruchi Tyagi, Cadence
  - Nitin Khurana, Cadence
  - Dave Clemans, Synopsys
  - William A Hanna, Boeing
  - Nick Sgoupis, CAST
  - Dave Graubart, Synopsys
  - Michael Smith, Synopsys
  - John Shields, Mentor
  - Parminder Gill, Synopsys
- Not Attending
  - Meera Srinivasan, Synopsys
  - Syed Huq, Cisco
  - Jim Robinson, Synopsys
  - NSS Subramanian, Cadence
  - David Tran, Synopsys
  - Gary Delp, LSI
Agenda
- Determine Quorum
- Patent slides
- Approve agenda
- Approval of Meeting minutes from 9/3/2008
- Action Items Status
- Liaison Reports
- Key Management Issues
- License Management
- Other Business
- Adjourn
Minutes
Attendance/Quorum
We have 3/4 eligible entities, and have a working quorum.
Patent Policy
The Patent slides were offered for review.
No new claims were disclosed at the call for essential patent claims.
Agenda Approval
Motion by Michael, seconded by Nitin. Motion is approved.
Previous Minutes
Dave G moved and Bill seconded the approval of the September 3, 2008 minutes. The motion was approved.
Action Item Review
Steven reviewed the open action items.
Liaison Reports
Initialization Vector changes are integrated into draft 7 of Verilog.
Key Management Issues
Nitin's research uncovered key strength as the customary driver for validity periods. John observed that in our context, limiting the amount of protected IP is a more significant driver. Nick asked what the response should be when the certificate has expired. John noted that warning the user was a common response, but that this is a tool decision, though we could make recommendations here. The interaction with licensing agreements (contracts) is of concern too. An open question: Is an indefinite validity period possible? A common expectation is that the protection period is indefinite and the usage term is governed by external license management.
One possible recommendation is for the tool to fail when encrypting with an expired certificate, but only to warn when decrypting with an expired certificate. The tool vendor owns the public key and has a vested interest in governing the use of that key since it is linked with their tools. The IP author is more likely to use licensing as a controlling mechanism for their IP, and the IP user is more likely to be injured through more aggressive failure semantics over expired keys.
Michael noted that NIST Pub. 800-57 has recommendations on Crypto-Periods (key validity lifetimes, etc.). Understanding those recommendations should be a priority for us. Nitin emphasized that his research linked key strength as a factor in the validity period. This may suggest that tool vendors need to vary the key strength as they choose a certificate lifetime. John wants to better understand Nitin's research, and an e-mail discussion seems like a good option since Nitin's phone line was a problem in this meeting.
Nitin's email also included a set of signing algorithms used in X.509 certificates. John asked about the non-overlap of the algorithms with the set we currently recommend. Steven pointed out that the data domains were different. John clarified that the common availability of each of these algorithms is a concern and we should understand that as part of the recommendation. More investigation is needed to get a good handle on these issues.
Action item 000042 (Nitin Khurana; created 2008-09-10, closed 2008-10-08): Are all of the X.509 algorithms implemented by open-source software (such as OpenSSL)?
Michael asked if export liabilities existed for certificates. Steven recalled identity protection as one of the exceptions to export controls, though that needs to be verified.
Action item 000043 (Steven Dovich; created 2008-09-10, closed 2008-10-29): Ask Larry Disenhof about the status of export controls on encryption for identity protection (X.509 certificates).
Larry reported that this is not presently an issue, nor does he see it becoming one in the future.
License Management
Discussion was deferred until next week.
Other Business
Adjournment
Motion by John, seconded by Dave C. Approved by acclamation at 1:08 pm CDT.
Approval
These minutes were approved at the September 17, 2008 meeting.
--
StevenDovich - 17 Sep 2008