Re: [saag] Algorithms/modes requested by users/customers

Jon Callas <jon@callas.org> Wed, 20 February 2008 00:10 UTC

To: saag@mit.edu
List-Id: IETF Security Area Advisory Group <saag.mit.edu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 1:13 PM -0500 2/19/08, Santosh Chokhani wrote:
> My general observation is that vendors do not assign their engineers to
> these efforts and there is a dearth of qualified testers, resulting in
> blind leading the blind.

I want to agree with Paul Hoffman that FIPS 140 is unnecessarily  
painful. I think I will also agree with Stephen Kent and say that FIPS  
is to CC as laparoscopic surgery is to open heart.

Santosh also gets a big +1 from me, and I'll tell how even this dark  
cloud has a silver lining.

When PGP first went through FIPS 140, we assigned a dedicated engineer  
to the process. Shepherding software through FIPS 140 was so painful,  
so mind-numbing, so annoying that he quit the company, quit  
cryptography, and quit computer security altogether. He took a job  
with a company that produced MP3 music software. That company was  
bought out by Apple, and the software turned into what we now know as  
iTunes. He is at Apple to this day as the lead of iTunes.

So the next time you listen to an iPod, think about FIPS 140, and  
thank the horrible process.

	Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII

wj8DBQFHu2/hsTedWZOD3gYRAuZbAJ9IFEWuafL6fAB+2MxJvwIEOmLJiACgkJrs
eRur6xWa+w6FdH022GobtDg=
=ZTOd
-----END PGP SIGNATURE-----