[Mono-dev] FIPS 140 cryptography

Vladimir Giszpenc vgiszpenc at dsci.com
Thu Oct 11 11:04:54 EDT 2007


Sebastien,

> No. The short story is that "it's a big, long and costly project" and
> that there's been, so far, not much demand for it (wrt other Mono
> features).

I agree that there are more pressing needs, but it never hurts to voice
your own so they are recognized.  I am a big Mono proponent, but it is
difficult to compete with Java on maturity of tools.

> While it's less elegant (imho) you can still use FIPS140 certified
> crypto in Mono by wrapping an existing toolkit (e.g. nss) in C# [1] and
> using this as a replacement [2] for Mono's crypto (split in both
> Mono.Security and mscorlib).

The Java community has JSS.  Would asking for a MonoSS be asking too
much?  That seems like a big project as well.  This is not even what I
am really looking for.  I need SSH.  I found the capability in SharpSSH,
but in order for me to make certification labs happy, I need the
encryption used in my SSH implementation to be FIPS 140 compliant.

> [1] which is exactly what MS is doing on Windows: the FIPS140 crypto
> comes from CryptoAPI (managed stuff isn't certified) and wrapped in the
> class library.
> 
> [2] it's possible to remap cryptographic algorithms using machine.config
> (so all mono tools and *correctly* written applications/libraries will
> be using your own crypto).

That is nice for Windows, but I am targeting Linux.  I would love to
point some config file at NSS.  Is there any chance such a thing will
happen?

I am a little peon doing R&D hoping to move the Army toward accepting
Mono.  Any help you can give me would be much appreciated!

Many Thanks,

Vladimir Giszpenc
DSCI Contractor Supporting
US Army CERDEC S&TCD IAD Tactical Network Protection Branch
(732) 532-8959
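
The machine.config remapping mentioned in the quoted note [2], as an added
example that is not part of the original message or of Mono's own files.
The wrapper types (Example.Nss.NssSha1, Example.Nss.NssRijndael), the
assembly name, version and public key token are hypothetical placeholders
for a C# wrapper around a validated native toolkit.

```xml
<!-- Added example (constructed): cryptoNameMapping section of machine.config. -->
<configuration>
  <mscorlib>
    <cryptographySettings>
      <cryptoNameMapping>
        <cryptoClasses>
          <!-- Hypothetical wrapper classes that call into the native toolkit.
               Each must derive from the abstract base it replaces
               (SHA1, Rijndael). Version and token are placeholders. -->
          <cryptoClass NssSha1="Example.Nss.NssSha1, Example.Nss, Version=1.0.0.0, Culture=neutral, PublicKeyToken=PLACEHOLDER" />
          <cryptoClass NssRijndael="Example.Nss.NssRijndael, Example.Nss, Version=1.0.0.0, Culture=neutral, PublicKeyToken=PLACEHOLDER" />
        </cryptoClasses>

        <!-- Names resolved by SHA1.Create(), HashAlgorithm.Create("SHA1")
             and the parameterless HashAlgorithm.Create(). -->
        <nameEntry name="SHA1" class="NssSha1" />
        <nameEntry name="System.Security.Cryptography.SHA1" class="NssSha1" />
        <nameEntry name="System.Security.Cryptography.HashAlgorithm" class="NssSha1" />

        <!-- Names resolved by Rijndael.Create() and the parameterless
             SymmetricAlgorithm.Create(). -->
        <nameEntry name="Rijndael" class="NssRijndael" />
        <nameEntry name="System.Security.Cryptography.Rijndael" class="NssRijndael" />
        <nameEntry name="System.Security.Cryptography.SymmetricAlgorithm" class="NssRijndael" />
      </cryptoNameMapping>
    </cryptographySettings>
  </mscorlib>
</configuration>
```

Only code that obtains algorithms through the Create() factories or
CryptoConfig consults this table; code that instantiates a managed class
directly (for example `new SHA1Managed()`) bypasses the mapping and has to
be found by code review.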


