[Mono-dev] FIPS 140 cryptography
Sebastien Pouliot
sebastien.pouliot at gmail.com
Thu Oct 11 08:17:12 EDT 2007
Hello Vladimir,
On Fri, 2007-10-05 at 09:02 -0400, Vladimir Giszpenc wrote:
> Hi,
>
> The 100% managed implementation of Mono.Security is an elegant solution but
> the U.S. government may not be as trusting as I am. Are there any plans to
> get official FIPS 140-2 certification?
Yes and no.
Yes. It's been discussed a few times in the past and everyone agrees it
would be nice to have.
No. The short story is that "it's a big, long and costly project" and
that there's been, so far, not many demand for it (wrt to other Mono
features).
> This would go a long way to ensuring
> net worthiness.
I totally agree :)
While it's less elegant (imho) you can still use FIPS140 certified
crypto in Mono by wrapping an existing toolkit (e.g. nss) in C# [1] and
using this as a replacement [2] for Mono's crypto (split in both
Mono.Security and mscorlib).
[1] which is exactly what MS is doing on Windows: the FIPS140 crypto
comes from CryptoAPI (managed stuff isn't certified) and wrapped in the
class library.
[2] it's possible to remap cryptographic algorithms using machine.config
(so all mono tools and *correctly* written applications/libraries will
be using your own crypto).
Sebastien
> Thanks,
>
> Vladimir Giszpenc
> DSCI Contractor Supporting
> US Army CERDEC S&TCD IAD Tactical Network Protection Branch
> (732) 532-8959
>
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list
More information about the Mono-devel-list
mailing list