On Fri, Oct 02, 2020 at 03:33:58PM +0200, Greg Kroah-Hartman wrote: > On Fri, Oct 02, 2020 at 03:15:55PM +0200, Willy Tarreau wrote: > > On Fri, Oct 02, 2020 at 02:38:36PM +0200, Torsten Duwe wrote: > > > Almost two weeks passed and these are the "relevant" replies: > > > > > > Jason personally does not like FIPS, and is afraid of > > > "subpar crypto". Albeit this patch set strictly isn't about > > > crypto at all; the crypto subsystem is in the unlucky position > > > to just depend on a good entropy source. > > > > > > Greg claims that Linux (kernel) isn't about choice, which is clearly > > > wrong. > > > > I think there's a small misunderstanding here, my understanding is > > that for quite a while, the possibilities offered by the various > > random subsystems or their proposed derivative used to range from > > "you have to choose between a fast system that may be vulnerable > > to some attacks, a system that might not be vulnerable to certain > > attacks but might not always boot, or a slow system not vulnerable > > to certain attacks". Greg's point seems to be that if we add an > > option, it means it's yet another tradeoff between these possibilities > > and that someone will still not be happy at the end of the chain. If > > the proposed solution covers everything at once (performance, > > reliability, unpredictability), then there probably is no more reason > > for keeping alternate solutions at all, hence there's no need to give > > the user the choice between multiple options when only one is known > > to always be valid. At least that's how I see it and it makes sense > > to me. > > Thanks for spelling it out in much more detail than I was willing to :) I assume you're not trying to pull the discussion off-topic. The one and only choice here is that some people believe in NIST and certifications. Yes, others don't, no problem either. The former folks boot with fips=1, that's it. Those people are usually certain about their decision. That option is about to break, for reasons I stated previously. This patch set is to introduce the now-missing pieces. One thing worth to discuss here would be whether people not so security conscious should benefit from the sanity checks as well. IMHO they should, because, as Willy explained, stick with the option that's always valid. My disappointment was that _none_ of the maintaners had an on-topic, technical remark. I get the impression some read "FIPS" and stop, regardless of the actual functionality. Torsten