[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: FIPS-140 required?

To: "Dan Wing" <dwing@xxxxxxxxx>
Subject: RE: FIPS-140 required?
From: dan_york@xxxxxxxxx
Date: Tue, 6 Feb 2007 09:52:24 -0500
Cc: "'Cullen Jennings'" <fluffy@xxxxxxxxx>, ietf-rtpsec@xxxxxxx
In-reply-to: <000c01c74972$4b89cd10$c2f0200a@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx

Dan,

Thanks for the reply. You've addressed my issue with this:

> A solution SHOULD use algorithms that allow FIPS 140-2 > certification.

My point was that I didn't want to see a MUST in there. I didn't want to see the FIPS requirement used as an excuse by any company as to why they could NOT use SRTP. (i.e. "We haven't implemented it because the work required to have a FIPS-compliant algorithm is too much.")

However, I also further understand that you are working on the requirements for the keying algorithm and I do agree... any keying algorithm used for SRTP *should* allow for the potential of FIPS 140-2 certification should the vendor/manufacturer wish to pursue that for their implementation of SRTP.

Thanks,
Dan

--
Dan York, CISSP
Dir of IP Technology, Office of the CTO
Mitel Corp. http://www.mitel.com
dan_york@xxxxxxxxx +1-613-592-2122
PGP key (F7E3C3B4) available for
secure communication

Follow-Ups:
- RE: FIPS-140 required?
  - From: Eugene Nechamkin

References:
- RE: FIPS-140 required?
  - From: Dan Wing

Prev by Date: Re: RTPSec BOF proposal for IETF 68
Next by Date: Re: FIPS-140 required?
Previous by thread: RE: FIPS-140 required?
Next by thread: RE: FIPS-140 required?
Index(es):
- Date
- Thread