[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FIPS-140 required?

To: Dan Wing <dwing@xxxxxxxxx>
Subject: Re: FIPS-140 required?
From: David McGrew <mcgrew@xxxxxxxxx>
Date: Mon, 29 Jan 2007 14:09:29 -0800
Authentication-results: sj-dkim-5; header.From=mcgrew@xxxxxxxxx; dkim=pass ( sig from cisco.com/sjdkim5002 verified; );
Cc: <ietf-rtpsec@xxxxxxx>
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1021; t=1170108582; x=1170972582; c=relaxed/simple; s=sjdkim5002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=mcgrew@xxxxxxxxx; z=From:=20David=20McGrew=20<mcgrew@xxxxxxxxx> |Subject:=20Re=3A=20FIPS-140=20required? |Sender:=20; bh=bC0hMMqv2kUUwKdqpI40LpInf5dx+QhMRHcEo1fd6wU=; b=uJhQDOFsBbogWSF5Sx3a1/S56/rOJf5IjW4QfNTQJ9jUtM8hAGF3Sl0F6BbMkuqtYtHStQW9 Vdngf/ggp9df3H/3xssPlRyOS49CboPmzQ/+qbpFxHqISni3572xODPK;
In-reply-to: <095d01c7419c$fa9d60b0$c5f0200a@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
References: <095d01c7419c$fa9d60b0$c5f0200a@xxxxxxxxxxxxxx>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx


Hi Dan,

definitely. I'm interested, and so are some other folks that havetalked to me. At present, the default crypto algorithms andparameters for SRTP are on the FIPS-140 approved algorithms list(http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf). It is also highly desirable to have a mediaplane keying method that is FIPS-140 conformant.

There is an FIPS-140 issue that I'm aware of for SRTP. Some voipimplementations use a 32-bit authentication tag in SRTP. It is notclear yet whether or not this weak authentication is a currentlyacceptable parameter choice for FIPS-140, but the default tag lengthis 80 bits, and there is no problem with that length.


David

On Jan 26, 2007, at 2:54 PM, Dan Wing wrote:

Is anyone seeing a requirement for FIPS-140 for products thatimplement
SRTP?

(FIPS 140-2 is "Security Requirements for Cryptographic Modules",
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf )

-d

References:
- FIPS-140 required?
  - From: Dan Wing

Prev by Date: Re: FIPS-140 required?
Previous by thread: Re: FIPS-140 required?
Next by thread: RTP UDP audio max packet size per codec
Index(es):
- Date
- Thread