[swift-server-dev] FIPS certification

Drew Crawford drew at sealedabstract.com
Tue Feb 21 18:04:18 CST 2017

On February 21, 2017 at 3:59:13 PM, Gelareh Taban (gtaban at us.ibm.com) wrote:

- Having a compliance tick mark helps Swift adoption in the larger ecosystem, esp if similar guarantees can be made on both macOS and Linux platforms.
I may be misreading something, but I think this guarantee is not even made.

Per [0], the validation is issued for various configurations with names like "Ubuntu 10.04 running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)" which is, as far as I'm aware, not a supported configuration for Swift.  Which of the validated configurations do we intend to support?

Second, my understanding is that the FIPS-validated OpenSSL is not even packaged by e.g. Ubuntu, in part due to the backdoor concerns I raised earlier [1].  Do we intend to package the FIPS module ourselves and distribute to the supported platforms?  Or what exactly is a user's path to running a FIPS-validated module?  Because `apt-get install openssl`does not tick the box.

[0] http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747

[1] https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/95001

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.swift.org/pipermail/swift-server-dev/attachments/20170221/e2414487/attachment.html>

More information about the swift-server-dev mailing list