IETF Logo Mail Archive

Re: [saag] Algorithms/modes requested by users/customers

Jon Callas <jon@callas.org> Wed, 20 February 2008 16:54 UTC

Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m1KGsiJD005324 for <saag@PCH.mit.edu>; Wed, 20 Feb 2008 11:54:44 -0500
Received: from mit.edu (M24-004-BARRACUDA-3.MIT.EDU [18.7.7.114]) by pacific-carrier-annex.mit.edu (8.13.6/8.9.2) with ESMTP id m1KGsY1w015637 for <saag@mit.edu>; Wed, 20 Feb 2008 11:54:34 -0500 (EST)
Received: from merrymeet.com (merrymeet.com [66.93.68.160]) by mit.edu (Spam Firewall) with ESMTP id E6230DE6589 for <saag@mit.edu>; Wed, 20 Feb 2008 11:54:06 -0500 (EST)
Received: from keys.merrymeet.com (keys.merrymeet.com [66.93.68.161]) (Authenticated sender: jon) by merrymeet.com (Postfix) with ESMTP id C856CCD34EB for <saag@mit.edu>; Wed, 20 Feb 2008 08:54:05 -0800 (PST)
Received: from [192.168.5.147] ([12.53.176.4]) by keys.merrymeet.com (PGP Universal service); Wed, 20 Feb 2008 08:54:05 -0800
X-PGP-Universal: processed; by keys.merrymeet.com on Wed, 20 Feb 2008 08:54:05 -0800
Message-Id: <71651A38-58E5-4575-9E05-E57A728623B0@callas.org>
From: Jon Callas <jon@callas.org>
To: Santosh Chokhani <SChokhani@cygnacom.com>
In-Reply-To: <FAD1CF17F2A45B43ADE04E140BA83D483C4EEB@scygexch1.cygnacom.com>
Mime-Version: 1.0 (Apple Message framework v919.2)
Date: Wed, 20 Feb 2008 08:54:00 -0800
References: <20080220131048.55faab0b@cs.columbia.edu>, <E1JRpLO-0006MQ-Lc@wintermute01.cs.auckland.ac.nz> <8329C86009B2F24493D76B486146769A9596B14F@USEXCHANGE.corp.extremenetworks.com> <FAD1CF17F2A45B43ADE04E140BA83D483C4EEB@scygexch1.cygnacom.com>
X-Mailer: Apple Mail (2.919.2)
X-PGP-Encoding-Format: Partitioned
X-PGP-Encoding-Version: 2.0.2
X-Content-PGP-Universal-Saved-Content-Transfer-Encoding: 7bit
X-Content-PGP-Universal-Saved-Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.01
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
Cc: saag@mit.edu, Randall Atkinson <rja@extremenetworks.com>
Subject: Re: [saag] Algorithms/modes requested by users/customers
X-BeenThere: saag@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: IETF Security Area Advisory Group <saag.mit.edu>
List-Unsubscribe: <http://mailman.mit.edu/mailman/listinfo/saag>, <mailto:saag-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/saag>
List-Post: <mailto:saag@mit.edu>
List-Help: <mailto:saag-request@mit.edu?subject=help>
List-Subscribe: <http://mailman.mit.edu/mailman/listinfo/saag>, <mailto:saag-request@mit.edu?subject=subscribe>
X-List-Received-Date: Wed, 20 Feb 2008 16:54:45 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>
> I don't think anyone has claimed FIPS-140 is perfect.  The claims (not
> by
> me so much as by other folks on the SAAG list) have been that (1)
> FIPS-140
> is better than other extant security evaluations and that (2) so far
> no serious alternative proposal that looks reasonably better has
> appeared.

I agree that both of these are true, but these true statements are not  
inconsistent with the complaints.

A system can be the best available, as well as there being no "serious  
alternative" and still be inadequate.

I think this is the true problem.

I hope that we're not saying that FIPS 140 is the best of all possible  
systems.

	Jon

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII

wj8DBQFHvFstsTedWZOD3gYRArNbAJ4m8Xr8xugA2UAOQ78ONt3Pkzi2QACgv7qR
eLBNHoY54jxCur581CX8lgI=
=139k
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email