Re: [saag] Algorithms/modes requested by users/customers

pgut001@cs.auckland.ac.nz (Peter Gutmann) Wed, 20 February 2008 11:37 UTC

From: pgut001@cs.auckland.ac.nz
To: mcgrew@cisco.com, rja@extremenetworks.com, saag@mit.edu
In-Reply-To: <C3E06DA4.4AB3%mcgrew@cisco.com>
Message-Id: <E1JRnFf-0008Uw-1D@wintermute01.cs.auckland.ac.nz>
Sender: pgut001 <pgut001@cs.auckland.ac.nz>
Date: Thu, 21 Feb 2008 00:36:39 +1300
Subject: Re: [saag] Algorithms/modes requested by users/customers

mcgrew <mcgrew@cisco.com> writes:

>Winston Churchill said that democracy is the worst form of government, except
>for all of the others.  I think that the same is true for the FIPS-140
>cryptomodule validation process ;-)

I think it's more a case of the Politician's Fallacy:

1. Something must be done.
2. This is something.
3. This must be done.

It'd be interesting to see a study of the effectiveness in terms of finding
security and interop problems of:

A. A FIPS 140 eval.

B. Running the code through Fortify/Coverity/whatever and completing a crypto
   exchange with a peer (TLS, S/MIME, PGP, whatever the underlying crypto is
   that's being used).

in particular in terms of return for effort involved.

Peter.