[Cryptography] "Is FIPS 140-2 Actively harmful to software?"
ianG
iang at iang.org
Fri Jun 20 10:37:16 EDT 2014
On 20/06/2014 14:00 pm, Jerry Leichter wrote:
> He never quite says "yes" but he clearly thinks it.
>
> https://blogs.oracle.com/darren/entry/fips_140_2_actively_harmful
>
> On a related note, pointed to from another blog entry: NIAP has recommended against further development of or evaluation against the Common Criteria profiles for general-purpose OS's and DBMS's:
>
> https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/GPOS%20Position%20Statement.pdf
>
> https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/DBMS%20Position%20Statement.pdf
>
> (Just for good measure, they say the same about "Enterprise Security Management Products".)
Just for good measure, I say the same thing about the entirety of the
Audit process:
http://financialcryptography.com/mt/archives/001126.html
In seven parts.
> OK, it's time for a set of acronyms and a bunch of new paperwork to keep the security/industrial complex - all those consultants ringing DC - fully employed (er, "guaranteeing the security of our critical infrastructure".)
Yes, commonly managed by a new industry body with all the same players
in it. Singing, "meet the new boss, same as the boss!"
iang