[swift-server-dev] FIPS certification
Drew Crawford
drew at sealedabstract.com
Tue Feb 21 18:04:18 CST 2017
On February 21, 2017 at 3:59:13 PM, Gelareh Taban (gtaban at us.ibm.com) wrote:
- Having a compliance tick mark helps Swift adoption in the larger ecosystem, esp if similar guarantees can be made on both macOS and Linux platforms.
I may be misreading something, but I think this guarantee is not even made.
Per [0], the validation is issued for various configurations with names like "Ubuntu 10.04 running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)" which is, as far as I'm aware, not a supported configuration for Swift. Which of the validated configurations do we intend to support?
Second, my understanding is that the FIPS-validated OpenSSL is not even packaged by e.g. Ubuntu, in part due to the backdoor concerns I raised earlier [1]. Do we intend to package the FIPS module ourselves and distribute to the supported platforms? Or what exactly is a user's path to running a FIPS-validated module? Because `apt-get install openssl` does not tick the box.
[0] http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747
[1] https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/95001
Drew