Dan,I think that our goal should be to create protocols that do not present significant barriers to FIPS 140 accreditation of implementations. This is not only an issue for US Government users; FIPS 140 accreditation is commonly used in the private sector as proof that a vendor's security module has strong security properties.
Cheers, --Richard Dan Wing wrote:
Is anyone seeing a requirement for FIPS-140 for products that implement SRTP? (FIPS 140-2 is "Security Requirements for Cryptographic Modules", http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf ) -d