Re: [saag] Algorithms/modes requested by users/customers

[Paul Hoffman <paul.hoffman@vpnc.org>]

At 3:42 PM -0800 2/16/08, Randall Atkinson wrote:
>1) NIST FIPS-140 conforming algorithms/modes.
>and
>2) Suite-B conforming algorithms/modes.

This seems reasonable, and similar to what I hear from VPNC members. 
(Sadly, these same members ship new equipment defaulting to 
algorithms not in that list, but that's a different thread...)

>This seems to be driven externally by insurance firms that tell
>their customers to only use equipment whose cryptographic
>subsystems/modules have been (or are going to be) evaluated
>formally under FIPS-140.

That is unreasonable. The ratio of "number of systems that use 
crypto" to "number of systems that have been or are going to be 
evaluated formally under FIPS-140" is incredibly high. The FIPS 140 
evaluation process is horribly broken on a number of axes, and all 
the vendors in the field know it and complain privately about it.

If you had instead said "have been (or at least could be) evaluated", 
I would agree with you. Buyers want to know that, if pressed hard, 
they can say "well, it is like that other system over there that got 
certified", and to do that, the uncertified system has to at least 
support all the right crypto. There is a noticeable but 
non-quantifiable preference for systems with a FIPS 140 certificate, 
but (outside the USGovt, of course) nearly no hard demand.

>And I'll note that this are not really driven particularly by US firms.
>European, Asia/Pacific, and Latin American firms are making the
>exact same requests for FIPS-140 of their equipment vendors.

I have heard that as well from VPNC members. But note the use of the 
term "requests".

It would be a mistake for the IETF to look like we support the FIPS 
140 certification process, even though it makes good sense for us to 
use the algorithms in that process as the basis for a suggested 
cross-IETF algorithm suite.

--Paul Hoffman, Director
--VPN Consortium