On 27 February 2014 10:58, Andrew Lutomirski <luto@xxxxxxx> wrote:
> We have to document that, but there will be always ways to shootI understand why people implement ridiculous FIPS modes: it's to
> someones foot. There are legitimate uses of increasing a security level
> (if one for example sets up machines to be used in a LAN).
>
>> If someone sets SUITEB-whatever, is Curve25519 acceptable?
>
> SuiteB only allows two curves. SECP256 and SECP384 if I remember well.
comply with government rules. I don't see why Fedora should add to
the mess.
Because such .gov rules are pushing throughout the industry and university systems. You may be a research professor who has a grant which requires you to show your systems are on such level as someone in the granting agency doesn't want its grants to have stored their records in plain text or worse the algorithms the professor knew back in the 1970's when he was a grad student. [Been there, done that] You may be a university hospital which has to show that it is keeping confidentiality through various levels [Fedora like many linuxes gets used to be embedded in hardware you might scratch your head but it is what it is.] You may be a EU giant accelerator which finds that its funding has new riders and while you don't use Fedora, you use a rebuild and will want to show you can meet those riders in X years (which is usually good enough for the financial auditors).
It is basically to help make the work easier so that when someone is told you have to make your system compliant they can do it in one spot versus 500.
Stephen J Smoogen.
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
