[saag] Algorithms/modes requested by users/customers
Jon Callas
jon at callas.org
Tue Feb 19 19:10:06 EST 2008
At 1:13 PM -0500 2/19/08, Santosh Chokhani wrote:
> My general observation is that vendors do not assign their engineers to
> these efforts and there is a dearth of qualified testers, resulting in
> blind leading the blind.
I want to agree with Paul Hoffman that FIPS 140 is unnecessarily
painful. I think I will also agree with Stephen Kent and say that FIPS
is to CC as laparoscopic surgery is to open heart.
Santosh also gets a big +1 from me, and I'll tell how even this dark
cloud has a silver lining.
When PGP first went through FIPS 140, we assigned a dedicated engineer
to the process. Shepherding software through FIPS 140 was so painful,
so mind-numbing, so annoying that he quit the company, quit
cryptography, and quit computer security altogether. He took a job
with a company that produced MP3 music software. That company was
bought out by Apple, and the software turned into what we now know as
iTunes. He is at Apple to this day as the lead of iTunes.
So the next time you listen to an iPod, think about FIPS 140, and
thank the horrible process.
Jon