[147987] in cryptography@c2.net mail archive

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [Cryptography] FIPS 140 testing hurting secure random

daemon@ATHENA.MIT.EDU (Salz, Rich)
Mon Nov 4 12:27:42 2013

X-Original-To: cryptography@metzdowd.com
From: "Salz, Rich" <rsalz@akamai.com>
To: Ben Laurie <ben@links.org>, John Kelsey <crypto.jmk@gmail.com>
Date: Mon, 4 Nov 2013 10:25:38 -0500
In-Reply-To: <CAG5KPzwPjVaU6B7GRmd79tY-BT3SKfBeet7StQBPiza6yVVpLg@mail.gmail.com>
Cc: Cryptography <cryptography@metzdowd.com>,
	Paul Hoffman <paul.hoffman@vpnc.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

> I recommend just ignoring FIPS 140, it is such a waste of time and money.

This is often not an option if you want to sell your product to (parts of) the US Government.

On a related manner, I was recently told that IBM is "beginning to stop" getting its products Common Criteria certified.

	/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

home	help	back	first	fref	pref	prev	next	nref	lref	last	post