Labgram #106/Valgram #126 - Impact of NIST 2017 Transitions to NIAP
Per published NIST notifications, all non-56B-compliant key transport schemes will be disallowed in the US government after 2017.
It should be noted that, as a result, effective 1 January 2018, any TLS ciphersuite with RSA key agreement/key transport is no longer acceptable for use within National Security Systems. Therefore:
1. NIAP will not post products to the PCL that use these ciphersuites.
NIAP will issue a TD to address these transitions within our Protection Profiles.
References NIST Special Publication 800-131A Revision 1, dated November 2015
NIST Special Publication 800-56B Revision 1, dated September 2014
NIST provided notice in NIST SP 800-131A Revision 1 Section 6, dated November 2015, that all non-56B-compliant key transport schemes will be disallowed after 2017.
NIST SP 800-56B Revision 1, dated September 2014, allows only RSAES-OAEP for key transport. However, TLS specifications for TLSv1.2 (and earlier versions) use the RSAES-PKCS1-v1.5 scheme. Therefore, for TLSv1.2 (and earlier versions) to be compliant to NIST SP 800-56B, only ECDH or DH schemes can be used.
If you have any questions or concerns, please contact NIAP at email@example.com.