<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On 27 February 2014 10:58, Andrew Lutomirski <span dir="ltr"><<a href="mailto:luto@mit.edu" target="_blank">luto@mit.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5"><br></div></div><div class="">
> We have to document that, but there will be always ways to shoot<br>
> someones foot. There are legitimate uses of increasing a security level<br>
> (if one for example sets up machines to be used in a LAN).<br>
><br>
>> If someone sets SUITEB-whatever, is Curve25519 acceptable?<br>
><br>
> SuiteB only allows two curves. SECP256 and SECP384 if I remember well.<br>
<br>
</div>I understand why people implement ridiculous FIPS modes: it's to<br>
comply with government rules. I don't see why Fedora should add to<br>
the mess.<br>
<div class=""><br></div></blockquote></div><div><br></div><div>Because such .gov rules are pushing throughout the industry and university systems. You may be a research professor who has a grant which requires you to show your systems are on such level as someone in the granting agency doesn't want its grants to have stored their records in plain text or worse the algorithms the professor knew back in the 1970's when he was a grad student. [Been there, done that] You may be a university hospital which has to show that it is keeping confidentiality through various levels [Fedora like many linuxes gets used to be embedded in hardware you might scratch your head but it is what it is.] You may be a EU giant accelerator which finds that its funding has new riders and while you don't use Fedora, you use a rebuild and will want to show you can meet those riders in X years (which is usually good enough for the financial auditors).</div>
<div><br></div><div>It is basically to help make the work easier so that when someone is told you have to make your system compliant they can do it in one spot versus 500.</div><div><br></div>-- <br><div dir="ltr">Stephen J Smoogen.<br>
<br></div>
</div></div>