Merge 11.8.* / v5.0.be-6.9.* to 11.1? #2912
Comments
Agreed. Perhaps:
I like merging the PQC into 11.8.1. I am still not certain that "advancements in the field of post-quantum cryptography are being monitored" is something we can verify. We can verify that the impact of PQC has been integrated in the documentation. Can we simplify as:
I would be tempted to generalize somewhat this formulation with something like:
11.8.1 is also about PQC... Maybe 11.8.2 should be part of the section text?
Agree that validating monitoring is hard, but then again this is where ASVS could come in with the Appendix. I do actually like
that would be my recommendation
As I understand, there is agreement that the last quoted proposal covers current 11.8.1 and 11.8.2 and this requirement will be in section V11.1. Current section text from 11.8 can be moved to 11.1 as well. I'll PR that in later.
This is something that needs some further "translation" for me - is there a need to add something to the Appendix?
+1 I think this is a great idea Daniel.
PR #2912 (draft) - I did the requirement movement, chapter cleanup and related mapping updates. Please add into the PR all needed and expected chapter text or Appendix content if required.
Great PR. I just want to make a small wordsmith change for line 35. My grammar checker is just making a few suggestions. It keeps suggesting we spell out ECC but not to bother with RSA, which is a bit odd, but I like the rest. These are just small changes and not a big deal either way. If you are ok with this, @elarlang, I'll modify your PR.

The need to future-proof cryptographic systems against the eventual rise of quantum computing is critical. Post-Quantum Cryptography (PQC) refers to cryptographic algorithms designed to remain secure against attacks by quantum computers, which are expected to break widely used algorithms such as RSA and elliptic curve cryptography (ECC). Please see the Appendix for current guidance on vetted PQC primitives and standards.

Yes, go ahead, that's why it is draft. Also, check Slack.
* #2912 - reorg pqc inventory requirement
* Update 0x20-V11-Cryptography.md minor wordsmithing

---------

Co-authored-by: Elar Lang <[email protected]>
Co-authored-by: Jim Manico <[email protected]>
The changes that I proposed in the issue are now merged. If there is something needed from this for the appendix, please open a separate issue or PR to solve that.
Spin off from #2908, Point 6.
Those are clear inventory or documentation requirements (and not something you can check from the implementation) - by content those belong to "V11.1 Cryptographic Inventory and Documentation".
I also feel that 11.8.2 can be merged into 11.8.1.