The 3 Biggest Issues Discussed at ICMC 2013

Last week we were at the first International Cryptographic Module Conference, and I'm only just now getting my thoughts down. Remember what we said in this post:

Life at SafeLogic moves pretty fast.  We look at every day as a week, and every week as a month.

It's been a crazy, busy, and excellent month since the conference last week.  Not just here at SafeLogic, but in the world around us.  A few days ago, I wished that we had more time for Q&A with the folks from CMVP.  As I'm writing this now, I suppose we should be happy that they could be in attendance at all, considering the furloughs this week.  The current status of the federal shutdown only exacerbates the issue of the long validation queue.  I'll address that more below.

For the most comprehensive summary of the conference, check out Fiona Pattinson's summary here.  My talk on FIPS and FUD went well.  I had a lot of fun, and I got good feedback from attendees, so it wasn't just me.  It was refreshing to talk to the community as a vendor again and not as a consultant.  Incidentally, Valerie Fenwick of Oracle live-blogged my talk and captured the right points. Check out her summary here.  Very cool.  Thanks Valerie!

Upon arriving at ICMC, I was initially a bit stressed by some of the issues we face as a community.  Then as I began to process the signals from the noise, it hit me.  SafeLogic customers are shielded from these issues!  If a product vendor or end user attended a conference such as this, they would be overwhelmed.  The sheer volume of information being shared and discussed was staggering.  Without my background in cryptography, I would have never been able to identify the topics that were relevant to SafeLogic.  This is absolutely part of our role here.  SafeLogic customers can tune out and focus on what they do best, while we assess and address the issues of encryption and deliver a finished product.  Now more than ever, I realize that our method shelters customers from a great deal of anxiety, and that's priceless.

There were three major issues discussed at ICMC that had potential to affect our position.  I'm proud to report that all three are well under control.  Let me explain:

1. New Implementation Guidance for software modules (IG 9.10). This poses a problem for many of the vendors pursuing narrowly-defined cryptographic boundaries and requires a great deal of attention.

What makes me happy: CryptoComply meets this IG.  Anyone who uses our module meets this IG.  So while a lot of time was spent talking about the technical details and the impacts to vendors, I just smiled knowing that  our customers are unaffected.  This is a great example of how SafeLogic leverages our expertise to address changes immediately and our customers sit back, relax, and enjoy the updates.

2. Entropy. Current validations received a reprieve from the draft guidance that imposes hefty technical and documentation challenges for sources of entropy.  However, the impending requirements are a nightmare and everyone in the space will be scrambling.

What makes me happy: SafeLogic has this problem solved. That's all I can say for now. Stay tuned for more.

3. The length of the validation queue.  It's getting longer and longer, with no real fix in sight.  The CMVP validation department furloughs are only going to make this worse, too.

What makes me happy: SafeLogic customers get through the queue more quickly.  RapidCert was established when the queue length was at six months.  This advantage becomes even more valuable as the queue length grows.

With these issues, all the hallway rants er, conversations, and everything else in discussion, attending ICMC was a great opportunity to network and check the temperature of the industry.  We already tackled those issues and there will be more on the way.  I'm proud to report that SafeLogic's commitment to aggressively update and innovate has already shown proven results.  We will continue to lead the way, so that our customers remain insulated from the headaches of encryption.  And we'll accomplish that by developing more cool solutions.  I'm looking forward to sharing that with you!