We submitted a letter to the Program Manager, that while they RFP was asking for an FDE solution, they really needed to focus on Key Management across the agency, rather than the actual encryption solution itself, before they deployed any encryption product.
We proposed our open-source Symmetric Key Management System (SKMS) software - StrongKey - as a solution since it includes utilities to perform file, directory and column-level database encryption using FIPS-certified tokens: smartcards, HSMs and software modules (NSS). Given that the solution we proposed was OSS, that it could leverage any FIPS-certified token through their published JCE/PKCS11 library, and that the StrongKey protocol is winding its way through OASIS towards becoming the Symmetric Key Services Markup Language (SKSML) with the support of 33 companies/individuals including the DoD, we believed that this solution was optimal for the government from many different points of view. However, because the RFP was narrowly written for FDE products only, our submission was not accepted. That's life in the Federal procurement lane.... they think they're buying a state of the art security solution and they don't realize that the state of the art has already shifted under their feet. Arshad Noor StrongAuth, Inc. ----- Original Message ----- From: "Steven M. Bellovin" <[EMAIL PROTECTED]> On Mon, 18 Jun 2007 22:57:36 -0700 "Ali, Saqib" <[EMAIL PROTECTED]> wrote: > US Government has select 9 security vendors that will product drive > and file level encryption software. > > See: > http://security-basics.blogspot.com/2007/06/fde-fde-solutions-selected-for-us.html > OR > http://tinyurl.com/2xffax > Out of curiousity, are any open source FDE products being evaluated? --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
