Re: FIPS compliance efforts in Fedora and RHEL

On Tue, Apr 18, 2023 at 5:27 PM Demi Marie Obenour
<demiobenour@xxxxxxxxx> wrote:
>
> On 4/18/23 05:05, Norbert Pocs wrote:
> > Hi OpenSSH mailing list,
> >
> > I would like to announce the newly introduced patch in Fedora rawhide [0]
> > for FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9
> > version.
>
> Why does Fedora care about FIPS 140?  To me, this seems like it
> should be specific to RHEL and maybe CentOS Stream, not Fedora.
> My understanding is that Fedora will never be FIPS 140 compliant
> anyway so there is no point in even trying, not least because
> the FIPS validated version will generally be _less_ secure than
> the non-FIPS version.  To give just one example, OpenSSH defaults
> to a post-quantum key exchange that FIPS does not allow.

Because Fedora is the alpha platform for RHEL, and Red Hat pays a lot
of their bills, both in cash and in development. In theory, leading or
bleeding edge work happens in Fedora first, and the folks who use
bleeding edge software pay for it by being the first to detect
incompatibilities and the first to need to hammer out backwards
compatibility.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



