Full Disk Encryption solutions selected for US Government use

Ian G iang at systemics.com
Mon Oct 8 16:55:33 EDT 2007


Peter Gutmann wrote:
> Ben Laurie <ben at links.org> writes:
>> Peter Gutmann wrote:

>>> Given that it's for USG use, I imagine the FIPS 140 entry barrier for the
>>> government gravy train would be fairly effective in keeping any OSS products
>>> out.
>> ? OpenSSL has FIPS 140.
> 
> But if you build a FDE product with it you've got to get the entire product
> certified, not just the crypto component.
> 
> (Actually given the vagueness of what's being certified you might be able to
> get away with getting just one corner certified, but then if you have to use a
> SISWG mode you'd need to modify OpenSSL, which in turn means getting another
> certification.  Or the changes you'd need to make to get it to work as a
> kernel driver would require recertification, because you can't just link in
> libssl for that.  Or...).


A slightly off-topic question: if we accept that current
processes (FIPS-140, CC, etc.) are inadequate indicators of
quality for OSS products, is there something that can be
done about it? Is there a reasonable criterion / process
that can be built that is more suitable?

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


