On 8 Oct 2007 10:12:58 -0700, Stephan Somogyi wrote:
At 02:11 +1300 09.10.2007, Peter Gutmann wrote:
But if you build a FDE product with it you've got to get the entire product
certified, not just the crypto component.
I don't believe this to be the case.
FIPS 140(-2) is about
| A slightly off-topic question: if we accept that current processes
| (FIPS-140, CC, etc) are inadequate indicators of quality for OSS
| products, is there something that can be done about it? Is there a
| reasonable criteria / process that can be built that is more suitable?
Well, if you
On Oct 8, 2007, at 4:27 AM, Steven M. Bellovin wrote:
On Mon, 18 Jun 2007 22:57:36 -0700
Ali, Saqib [EMAIL PROTECTED] wrote:
US Government has selected 9 security vendors that will product drive
and file level encryption software.
See:
We submitted a letter to the Program Manager, that while the RFP
was asking for an FDE solution, they really needed to focus on Key
Management across the agency, rather than the actual encryption
solution itself, before they deployed any encryption product.
We proposed our open-source
At 02:11 +1300 09.10.2007, Peter Gutmann wrote:
But if you build a FDE product with it you've got to get the entire product
certified, not just the crypto component.
I don't believe this to be the case.
FIPS 140(-2) is about validating cryptographic implementations. It is
not about
Arshad,
Some of the solutions already include a KMS. One of the key
requirements of this particular RFP was Transparency. Can you please
elaborate more on how StrongKey KMS would have improved on
transparency?
Thanks
saqib
http://security-basics.blogspot.com/
On 10/8/07, Arshad Noor [EMAIL
-0800) America/Los_Angeles
Subject: Re: Full Disk Encryption solutions selected for US Government use
Arshad,
Some of the solutions already include a KMS. One of the key
requirements of this particular RFP was Transparency. Can you please
elaborate more on how StrongKey KMS would have improved
Peter Gutmann wrote:
Ben Laurie [EMAIL PROTECTED] writes:
Peter Gutmann wrote:
Given that it's for USG use, I imagine the FIPS 140 entry barrier for the
government gravy train would be fairly effective in keeping any OSS products
out.
? OpenSSL has FIPS 140.
But if you build a FDE product
US Government has selected 9 security vendors that will product drive
and file level encryption software.
See:
http://security-basics.blogspot.com/2007/06/fde-fde-solutions-selected-for-us.html
OR
http://tinyurl.com/2xffax
-
The