On Thu, Feb 27, 2014 at 10:26 AM, Stephen John Smoogen <smooge@xxxxxxxxx> wrote:
>
> On 27 February 2014 10:58, Andrew Lutomirski <luto@xxxxxxx> wrote:
>>
>> > We have to document that, but there will always be ways to shoot
>> > someone's foot. There are legitimate uses of increasing a security level
>> > (if one for example sets up machines to be used in a LAN).
>> >
>>
>> If someone sets SUITEB-whatever, is Curve25519 acceptable?
>>
>> > SuiteB only allows two curves. SECP256 and SECP384 if I remember well.
>>
>> I understand why people implement ridiculous FIPS modes: it's to
>> comply with government rules. I don't see why Fedora should add to
>> the mess.
>>
>
> Because such .gov rules are pushing throughout the industry and university
> systems. You may be a research professor who has a grant which requires you
> to show your systems are on such a level, as someone in the granting agency
> doesn't want its grants to have stored their records in plain text or, worse,
> in the algorithms the professor knew back in the 1970s when he was a grad
> student. [Been there, done that] You may be a university hospital which has
> to show that it is keeping confidentiality through various levels [Fedora,
> like many Linuxes, gets used to be embedded in hardware; you might scratch
> your head, but it is what it is.] You may be an EU giant accelerator which
> finds that its funding has new riders, and while you don't use Fedora, you
> use a rebuild and will want to show you can meet those riders in X years
> (which is usually good enough for the financial auditors).
>
> It is basically to help make the work easier so that when someone is told
> you have to make your system compliant they can do it in one spot versus
> 500.

In that case, why not give full control:

allowed_ciphers = AES-192, AES-256, Salsa20/12, Salsa20/20
allowed_groups = modp >= 2048, P-256, Curve25519
allowed_hashes = SHA-3, ...
allowed_modes = CTR, OCB, XTS, GCM
allowed_macs = ...

If the point is to comply with requirements that we don't even know about
yet, then allowing LEVEL-256 to mean "256 bits or more, by some particular
mapping between modp length and bits, and, oh, by the way, AES-256 is okay"
is asking for this thing to end up being useless.

Also, please keep this proposal the heck away from my desktop box.

On the other hand, if something can warn about the use of particular
primitives, that would be great -- it might have caused people to notice
the IMO disastrous OpenSSH 1024-bit crap much sooner. I suspect that
several governments know a lot of my passwords as a result of that screwup.

--Andy

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
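The explicit allow-list policy sketched in the message above (per-primitive lists plus a size rule such as "modp >= 2048") can be made checkable rather than advisory. The following is an added illustration written for this page, not Fedora's crypto-policies tooling nor code from anyone in the thread; the policy syntax, the `POLICY_TEXT` sample, and the `check_suite` function and its parameter names are all assumptions. It parses the proposed format, distinguishes literal names from size constraints, and reports every negotiated parameter the policy rejects, which is exactly the kind of per-primitive warning the message says would have flagged 1024-bit groups earlier.

```python
"""Evaluate a negotiated parameter set against an explicit allow-list policy.

Hypothetical example: the policy file format mirrors the proposal in the
message above, but nothing here is Fedora's actual crypto-policies code.
"""
import re

# Constructed sample policy, following the shape proposed in the message.
POLICY_TEXT = """
# lines of the form  allowed_<section> = item, item, ...
allowed_ciphers = AES-192, AES-256, Salsa20/12, Salsa20/20
allowed_groups  = modp >= 2048, P-256, Curve25519
allowed_hashes  = SHA-3, SHA-256, SHA-384
allowed_modes   = CTR, OCB, XTS, GCM
allowed_macs    = HMAC-SHA-256, Poly1305
"""

# An item like "modp >= 2048" is a size rule for a parameter family;
# anything else is a literal primitive name.
_SIZE_RULE = re.compile(r"^(?P<family>\w+)\s*>=\s*(?P<bits>\d+)$")

# Which policy section constrains which negotiated parameter.
_FIELDS = {"cipher": "ciphers", "group": "groups", "hash": "hashes",
           "mode": "modes", "mac": "macs"}


def parse_policy(text):
    """Return {section: {"names": set_of_lowercase_names, "min_bits": {family: bits}}}."""
    policy = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")   # split at the FIRST '=', so '>=' survives
        key = key.strip()
        if not sep or not key.startswith("allowed_"):
            raise ValueError(f"unparseable policy line: {raw!r}")
        section = {"names": set(), "min_bits": {}}
        for item in (i.strip() for i in value.split(",")):
            if not item:
                continue
            m = _SIZE_RULE.match(item)
            if m:
                section["min_bits"][m.group("family").lower()] = int(m.group("bits"))
            else:
                section["names"].add(item.lower())
        policy[key[len("allowed_"):]] = section
    return policy


def _group_allowed(section, group):
    """A group passes if named literally, or if '<family><bits>' meets the family's size rule."""
    g = group.lower()
    if g in section["names"]:
        return True
    m = re.match(r"^(?P<family>[a-z]+)(?P<bits>\d+)$", g)
    if m and m.group("family") in section["min_bits"]:
        return int(m.group("bits")) >= section["min_bits"][m.group("family")]
    return False


def check_suite(policy, suite):
    """Return (ok, findings); findings names each parameter the policy rejects."""
    findings = []
    for field, section_name in _FIELDS.items():
        value = suite.get(field)
        section = policy.get(section_name)
        if value is None or section is None:
            continue  # not negotiated, or not constrained by this policy
        if field == "group":
            ok = _group_allowed(section, value)
        else:
            ok = value.lower() in section["names"]
        if not ok:
            findings.append(f"{field} {value!r} not permitted by allowed_{section_name}")
    return (not findings, findings)


if __name__ == "__main__":
    pol = parse_policy(POLICY_TEXT)
    # Constructed candidate suites: one compliant, one using a 1024-bit group.
    for suite in ({"cipher": "AES-256", "group": "Curve25519", "hash": "SHA-256", "mode": "GCM"},
                  {"cipher": "AES-256", "group": "modp1024", "hash": "SHA-256", "mode": "GCM"}):
        ok, findings = check_suite(pol, suite)
        print("OK" if ok else "REJECT", suite, findings)
```

The size rule is the part worth keeping separate from the literal names: a policy that says `modp >= 2048` rejects `modp1024` without anyone having to enumerate every acceptable modulus length, while named curves such as `P-256` stay an explicit list.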