IETF Logo Mail Archive

Re: [saag] Algorithms/modes requested by users/customers

"Santosh Chokhani" <SChokhani@cygnacom.com> Tue, 19 February 2008 16:50 UTC

Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m1JGoQrw015899 for <saag@PCH.mit.edu>; Tue, 19 Feb 2008 11:50:26 -0500
Received: from mit.edu (W92-130-BARRACUDA-2.MIT.EDU [18.7.21.223]) by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id m1JGoGki015630 for <saag@mit.edu>; Tue, 19 Feb 2008 11:50:17 -0500 (EST)
Received: from scygmxsecs1.cygnacom.com (scygmxsecs1.cygnacom.com [65.242.48.253]) by mit.edu (Spam Firewall) with SMTP id 08DE9CD4D90 for <saag@mit.edu>; Tue, 19 Feb 2008 11:49:55 -0500 (EST)
Received: (qmail 2626 invoked from network); 19 Feb 2008 16:42:22 -0000
Received: from SChokhani@cygnacom.com by scygmxsecs1.cygnacom.com with EntrustECS-Server-7.4; 19 Feb 2008 16:42:22 -0000
Received: from unknown (HELO scygexch1.cygnacom.com) (10.60.50.8) by scygmxsecs1.cygnacom.com with SMTP; 19 Feb 2008 16:42:22 -0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Tue, 19 Feb 2008 11:49:53 -0500
Message-ID: <FAD1CF17F2A45B43ADE04E140BA83D483C4E93@scygexch1.cygnacom.com>
in-reply-to: <p06240804c3e0ad5d1fa4@[10.20.30.152]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [saag] Algorithms/modes requested by users/customers
Thread-Index: AchzFO3PhWGkWHRDTSG0q9i/xNMp9gAAJGnw
References: <8329C86009B2F24493D76B486146769A9429B7A8@USEXCHANGE.corp.extremenetworks. com> <p06240804c3de211f0592@[10.20.30.162]><p06240504c3e09559649c@[192.168.0.102]> <p06240804c3e0ad5d1fa4@[10.20.30.152]>
From: Santosh Chokhani <SChokhani@cygnacom.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>, Stephen Kent <kent@bbn.com>
X-Spam-Score: 0.14
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by pch.mit.edu id m1JGoQrw015899
X-Mailman-Approved-At: Wed, 20 Feb 2008 10:05:23 -0500
Cc: saag@mit.edu, Randall Atkinson <rja@extremenetworks.com>
Subject: Re: [saag] Algorithms/modes requested by users/customers
X-BeenThere: saag@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: IETF Security Area Advisory Group <saag.mit.edu>
List-Unsubscribe: <http://mailman.mit.edu/mailman/listinfo/saag>, <mailto:saag-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/saag>
List-Post: <mailto:saag@mit.edu>
List-Help: <mailto:saag-request@mit.edu?subject=help>
List-Subscribe: <http://mailman.mit.edu/mailman/listinfo/saag>, <mailto:saag-request@mit.edu?subject=subscribe>
X-List-Received-Date: Tue, 19 Feb 2008 16:50:27 -0000

On the issue of it takes too long, the FIPS process is the envy of other
schemes.  One could always be faster.

On the issue of restart, that is misunderstanding on Paul's part.  There
is no restart.  Generally, problem is fixed and you pick up that point.
This is generally a vendor problem.  Depending on the nature of
problem/failure, other aspects of the testing can continue without loss
of calendar time.

Subjective tests seems to be misunderstanding on Paul's part.  Having
been in the Orange Book, CC and FIPS process, I as validator, tester,
and certifier as well as vendor generally rue about rigidness of the
standard and lack of subjective judgment on the part of the tester or
lack of subjective latitude to vendors.

FIPS 140 has specific guidelines on how to deal with minor incremental
changes that helps reduce cost and calendar time.

The standard is NOT a protocol standard.  It does verify the algorithm
implementations and thus, FIPS validated algorithms can interoperate.

In terms of low end devices, 20-30K for level 1 testing amortized over
devices does not seem too onerous.

I do not understand what Paul refers to as silly modes.  The module
being FIPS validated must use FIPS validated or recognized algorithms
for a given crypto service.  That seems like a good thing to me.



-----Original Message-----
From: saag-bounces@mit.edu [mailto:saag-bounces@mit.edu] On Behalf Of
Paul Hoffman
Sent: Tuesday, February 19, 2008 11:18 AM
To: Stephen Kent
Cc: saag@mit.edu; Randall Atkinson
Subject: Re: [saag] Algorithms/modes requested by users/customers

At 10:15 AM -0500 2/19/08, Stephen Kent wrote:
>Can you share the reasons cited by vendors to support the notion 
>that the FIPS 140 process is broken.

Sure.

- It takes way too long from submission of system to validation, even 
if no problems are found.

- If problems are found during evaluation, the restart time is too long.

- Some of the tests are fairly subjective, and it becomes a game of 
fixing code to please the testing service, not to make the product 
more secure.

- An evaluated product cannot have its core firmware updated without 
losing the validation. For example, if a customer asks for a new 
feature that might touch the crypto, the vendor has to choose between 
losing the validation (and paying for a new one, and waiting for the 
results) or keeping the customer happy.

- The validation doesn't even check for on-the-wire interoperability, 
which is what the customers care about most.

- The test process is too expensive for many low-end devices that 
would be very useful in USGovt offices.

- The system introduces silly modes that make the systems more
complicated.

These are the top complaints I hear from both large and small 
vendors. There are certainly others. "Oh, don't get me started" is 
commonly heard when discussing FIPS 140 testing.

>   Compared to other security evaluation criteria, e.g. CC or the old 
>Organge Book, most security folks I know view the FIPS 140 
>evaluation program as well managed and not very onerous.

"Security folks" are not good evaluators on how some processes affect 
the market.

>Also, if buyers believe that a device that "could be evaluated" is 
>good enough, they are being rather naive.

Maybe. If a buyer cares about "does this box support the needed 
crypto in an interoperable fashion", then the perception is fine. If 
they care about all the details that FIPS 140 testing covers, then of 
course it is naive.

>Experience with the FIPS 140 program has shown that a significant 
>fraction of of products submitted for evaluation fail the process.

This statement is usually bandied about without any quantification of 
what failures were found, as it is here. As someone who creates test 
suites, I can assure you that I can make a few picky rules for 
systems that would cause some of those systems to fail, but most end 
users who understood those few rules would say that those rules were 
silly. Of course, different end users have different requirements. It 
is generally felt by vendors that some/many of the rules for FIPS 140 
are silly and unneeded; on the other hand, it is likely that at least 
a few USGovt customers would really want some of those rules for 
particular reasons.

>Presumably a vendor submitting a product for evaluation believes 
>that the product is ready, and will pass, otherwise the vendor is 
>wasting money on the evaluation effort.

Wrong, very wrong. You cannot tell what the testing agency might try 
to knock you down on ahead of time. Of course, you cover what you 
can, but you also know that there is a good chance they'll just whack 
you a bit because it makes them look good.

>The fact that many products fail evaluation (for good security 
>reasons), tells me that a vendor's claim that a product "could be 
>evaluated" is not much of an assurance.

If you believe in the testing regime, that's fine. Others don't, and 
I believe for very good reasons in their own use scenarios.

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
saag mailing list
saag@mit.edu
http://mailman.mit.edu/mailman/listinfo/saag

v2.23.0 | Report a Bug | By Email