[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FIPS-140 required?

To: ietf-rtpsec@xxxxxxx
Subject: Re: FIPS-140 required?
From: Spencer Dawkins <spencer@xxxxxxxxxxxxx>
Date: Tue, 06 Feb 2007 09:53:10 -0600
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
References: <000c01c74972$4b89cd10$c2f0200a@xxxxxxxxxxxxxx>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx


Hi, Dan (Wing),

I'm not trying to channel Dan (York), but I did undertand his concern asbeing that other countries that don't use FIPS-140 might reasonably ask"hey, what about OUR mechanism?"

Not that FIPS-140 is evil or weak, just that calling it out may lead torequests that we call out other standards, too.


Thanks,

Spencer

There's also the wee little detail that
FIPS is only a US government standard (although various other
countries do follow it).


Yes, FIPS-140 is a US Government standard, but I don't
understand the concern.  For example, FIPS-140, today, allows
a module that implements IPsec to pass FIPS certification; this

does not mean IPsec is somehow evil or has weak security.

Follow-Ups:
- Re: FIPS-140 required?
  - From: Russ Housley

References:
- RE: FIPS-140 required?
  - From: Dan Wing

Prev by Date: RE: FIPS-140 required?
Next by Date: Re: FIPS-140 required?
Previous by thread: RE: FIPS-140 required?
Next by thread: Re: FIPS-140 required?
Index(es):
- Date
- Thread