Paul Wouters wrote:
> Why would that be the right choice?
Because this is the FIPS/CC way. Moreover, our FIPS/CC consultant has made it clear.

This being said, a difference must be established between a unit, a hardware unit, and software components running inside. It might very well be that my use of "system" was not totally clear. By "system" I meant a hardware unit as a whole: a complete system made of various SW components.

In the case of using OpenSource components, there are two very distinct domains of knowledge. One domain is the hardware unit. The other is the realm of the OpenSource components. They do not know each other. It is not possible to ask OpenSource components to add behaviour for specific products.

This is a dedicated hardware product. It could very well not compare to a general purpose system such as RHEL FIPS. So the perspective is different. The behaviour I have described is one of a product, a "system". The behaviour in case of error at boot will be documented in a FIPS user guide. The behaviour in case of any FIPS-related error will be documented.

> In the case of libreswan, the ideal case is actually that it
> starts up, notices the problem, and ensures there remains a
> packet block in place for all known VPN endpoints to prevent
> packet leaks. Aborting (like we currently do) actually could
> cause packet leaks. I'm sure every application could have their
> own things that it prefers to do. Rebooting the machine might
> actually also be making things worse.

In the end, it could be a FIPS standard specifying what software should do, and as such, be validated in labs regarding this. Half joking.

For the time being the current method is the one I shortly described. In any event there will have to be an intervention from a responsible person. From the system perspective any failure leads to the same behaviour. A unit cannot run 85% FIPS. If there is a failure detected by libreswan regarding the crypto aspects, the system will know and the procedure will be followed.
>> It is still a Wish that OpenSource applications and libraries
>> in general should log errors in a standardized way,
> The audit kernel subsystem (that libreswan also supports) is such an
> attempt.

Interesting.

--
View this message in context: http://mozilla.6506.n7.nabble.com/Using-NSS-in-FIPS-mode-tp350446p350712.html
Sent from the Mozilla - Cryptography mailing list archive at Nabble.com.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto