Re: Elliptic curve on Centos 6.x

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 01/03/2014 01:15 PM, Karanbir Singh wrote:
> On 01/03/2014 11:01 AM, Adrian Sevcenco wrote:
>> i was just blew away by this:
>> "What almost all commentators have missed is
>> that hidden away in the small print (and subsequently confirmed by our
>> specific query) is that if you want to be FIPS 140-2 compliant you MUST
>> use the compromised points."
>>
>> i even don't have words to comment on this!!!
> 
> I tweeted about this exact point a few minutes ago; given the way and
> what is compromised in what manner, and then work back to what FIPS is,
> it helps dilute the shock. a bit. but then who's got the funds and
> resources to re-work the fips process with a new codebase ? Will Red Hat ?
at this point i am thinking: why bother (with re-certification)? because
of this (among other things) the trust in "fips process" or other
"official" processes is in free fall.. IMHO underlying problem is not
that a cipher/process/code was compromised but that the supervising
_trustworthy_ entity is in fact not trustworthy at all!

Adrian


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux