Re: [saag] Algorithms/modes requested by users/customers

mcgrew <mcgrew@cisco.com> Thu, 21 February 2008 15:01 UTC


Hi Peter,

On 2/20/08 3:36 AM, "Peter Gutmann" <pgut001@cs.auckland.ac.nz> wrote:

> mcgrew <mcgrew@cisco.com> writes:
> 
>> Winston Churchill said that democracy is the worst form of government, except
>> for all of the others.  I think that the same is true for the FIPS-140
>> cryptomodule validation process ;-)
> 
> I think it's more a case of the Politician's Fallacy:
> 
> 1. Something must be done.
> 2. This is something.
> 3. This must be done.
> 

I like that.

> It'd be interesting to see a study of the effectiveness in terms of finding
> security and interop problems of:
> 
> A. A FIPS 140 eval.
> 
> B. Running the code through Fortify/Coverity/whatever and completing a crypto
>    exchange with a peer (TLS, S/MIME, PGP, whatever the underlying crypto is
>    that's being used).
> 
> in particular in terms of return for effort-involved.
> 
> Peter.

I share your interest in the automation of validation testing; the more that
can be automated, the better.  It would be great to see more work in this
area.

David