FIPS mode restrictions and DES

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> From: "Steve Marquess" <marquess at openssl.com> 
> Date: 04/14/15 09:31 

> and note that of the 101 platforms ("OEs") appearing there, most of
> those operating systems are neither CC certified nor have any other FIPS
> 140-2 validated crypto. Keep in mind that at Level 1 the validation
> applies to the cryptographic module, not the calling application that
> uses that module nor the operating system that runs it.

I came across a Red Hat Security Policy document that clearly puts the XFRM out of the Security Policy domain.? See section 1.1.2, page 8, in:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1386.pdf

This blurs the concept of FIPS validation.? Looks more and more that the validation will only care about what is being declared as going for validation.? In this case (policy might have changed since 2010) they simply say that no, we do not declare the crypto done via XFRM as part of the Security Policy.? And the FIPS lab says, OK, fine.? Hmmm....

Regards.





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux