[Mono-dev] FIPS 140 cryptography
Vladimir Giszpenc
vgiszpenc at dsci.com
Fri Oct 17 08:45:01 EDT 2008
> > The Java community has JSS. Would asking for a MonoSS be asking too
> > much?
>
> It depends on who you're asking ;-)
Think of me as an ISV that wants to produce applications for the US
government. The entire federal government including DoD is mandated to
use FIPS compliant crypto libraries.
>
> Network Security Services for Java (JSS) is provided by Mozilla. So yes
> Mozilla *could* do something like this (not Mono-specific but for
> all .NET users) just like they provide the API for Java.
OK. Today the picture is a little different. Red Hat produced Python
bindings https://fedoraproject.org/wiki/Features/PythonNSS . These will
be in Fedora 10. And someone is producing Perl bindings
http://search.cpan.org/~claesjac/Crypt-NSS-0.03/lib/Crypt/NSS.pm
Making Mono and SuSE second class citizens in this realm.
> However I don't think this (NSS) should ever become a direct(*) Mono
> goal(**). Mono itself has already too many things to complete to afford
> a duplicate effort (since we already offer the same features).
I am going to show my inexperience so please don't get upset when you
tell me it is not so simple. Is there not a way to automatically
generate a bunch of C# stubs based on the C headers?
> Besides NSS there are other FIPS140 certified libraries that could be
> wrapped to give the same end result. However I don't know any available
> on Linux that have .NET binding.
If you are thinking of OpenSSL it is not as attractive (neither as
current nor Level 2 certified) as NSS. If you are thinking of CryptoAPI
it is a Windows only technology. I like NSS because it is cross
platform (on top of NSPR) and certified to the teeth.
Btw, will Crimson come out of hibernation?
Thanks,
Vlad