[Dnssec-deployment] SCA6000 users [Re: SUN SCA6000 FIPS 140 certification]
paul.hoffman at vpnc.org
Mon Mar 28 13:32:44 EDT 2011
> Not sure how familiar you are with FIPS140-2
Extremely. (Hint: I often write docs for NIST.)
> , but it is a broad
> certification of various aspects of security of a system to be purchased
> for use by a US Government entity for cryptographic purposes.
Right. Which TLDs are USgovt entities?
> As to why, for governmental TLDs (.mil and .gov) it's probably
Other than those two, I meant. :-)
> For others it provides a strong indication that a device is
We disagree here. FIPS 140 shows that the device does its cryptography correctly when the device is set to be in FIPS mode. Many devices that are not FIPS-certified can be shown to be cryptographically correct, and many FIPS-certified devices cannot easily be run in FIPS mode.
> This is especially important when private keys are stored
We disagree here as well, given that FIPS 140 testing has nothing special for "on-line" mode.