[Cryptography] "Is FIPS 140-2 Actively harmful to software?"
Jerry Leichter
leichter at lrw.com
Fri Jun 20 09:00:04 EDT 2014
He never quite says "yes" but he clearly thinks it.
https://blogs.oracle.com/darren/entry/fips_140_2_actively_harmful
On a related note, pointed to from another blog entry: NIAP has recommended against further development of or evaluation against the Common Criteria profiles for general-purpose OS's and DBMS's:
https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/GPOS%20Position%20Statement.pdf
https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/DBMS%20Position%20Statement.pdf
(Just for good measure, they say the same about "Enterprise Security Management Products".)
OK, it's time for a set of acronyms and a bunch of new paperwork to keep the security/industrial complex - all those consultants ringing DC - fully employed (er, "guaranteeing the security of our critical infrastructure".)
-- Jerry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140620/fb7fc48b/attachment.bin>
More information about the cryptography
mailing list