In accepting patches to implement TLS 1.2 and/or AES-GCM cipher suites, is a
(potentially-)FIPS-140-compliant implementation required? Or, would it be
acceptable in the short-term to have an implementation that is known to be
non-compliant and thus disabled in FIPS mode?

The main issue regarding TLS 1.2 and AES-GCM cipher suites is that
standardizing the necessary PKCS#11 interfaces that would lead to a
FIPS-140-compliant implementation using the current strategy for such
compliance would probably cause a very large (many weeks or months) delay,
followed by a long delay in getting Softoken re-validated with those APIs
implemented. Whereas a complete non-FIPS-140-compliant implementation for
NSS could be just a week or two away from being contributed if it was
acceptable to disable it in FIPS mode.


Note that IE8 on Windows 7 already implements TLS 1.2 and a couple of AES-GCM
cipher suites, so these are both needed for IE parity. Opera also implements
TLS 1.2 but not AES-GCM cipher suites. Also note that Windows' AES-GCM
implementation is marked "non-compliant" on its FIPS 140-2 validation
(probably for the same reason I think the PKCS#11 interface for AES-GCM is
wrong), so that leads me to believe that IE8's AES-GCM implementation is not
enabled in FIPS mode, but I didn't verify that yet.


My other question is: Which reviewers would have time to review such
contributions?


Thanks,

Brian


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto