> Do we even know for sure this krb5-k5tls is enough for fips
compliance, and that it replaces *all* crypto code in kerberos with
openssl calls?
No it does not. But intention is to make the over the network
communications with TLS to be FIPS-TLS compliant which is cheaper to
certify when reusing a certified TLS component library.
** Changed in: krb5 (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1943530
Title:
link libkrb5 with openssl
Status in krb5 package in Ubuntu:
Confirmed
Bug description:
In Ubuntu we provide a cryptographic core based on a small set of
packages that we FIPS certify [0]. Applications and libraries should
not bundle their own crypto code but should use the cryptographic core
to benefit from the certification, but also importantly to reduce bugs
due to small cryptographic libraries that that are not studied as much
as more popular counterparts. This bug is to change libkrb5 to use the
openssl crypto code instead of bundling its own on the next ubuntu
release.
[0]. https://ubuntu.com/security/fips
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1943530/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
