System-wide crypto policy transition tracker

Paul Wouters paul at nohats.ca
Wed Jan 7 15:28:08 UTC 2015


On Wed, 7 Jan 2015, Petr Spacek wrote:

>> The tracker also contains a dependency on NSS respecting the system
>> crypto policy: https://bugzilla.redhat.com/show_bug.cgi?id=1157720
>
> I wonder what your plan is moving forward. Is it going to be 'TLS policy'? Or
> are you planning to generalize it in future?
>
> E.g. DNSSEC-related software can be configured which algorithm list and key
> sizes too. I guess that the same applies to GnuPG.
>
> In other words, should the policy be able to express something like
> 'do not trust MD5, SHA1, DES, RC4, RSA < 1024 bits anymore'

But you cannot make such a statement covering such widely different
deployments of crypto. HMAC-MD5 in IPsec is quite different from MD5 in
CA certificates which is different from MD5 in DNSSEC. If you want to
make statements about what is deemed unsafe for use, you quickly end up
at something like the various NIST BCPs/FIPS standards.

> IMHO it would be extremely handy - it would allow us to quickly react when
> something is seriously broken without patching all affected applications in
> Fedora.

Are you suggesting Fedora moves to FIPS=1? :)

Fedora isn't as tightly regulated for crypto libraries or crypto settings
as RHEL is. It takes a lot of effort to find software that has private
copies of functions (like MD5 hashing copied from ssleay/openssl) and
sometimes it is not even used for security (eg squid cache objects use a
private md5 function) and I probably don't want to know what packages
do for random.

Raising the bar to IETF standards or NIST FIPS requirements might be
good though. The Fedora software that is also shipped in RHEL should
already meet those requirements.

Paul

