cryptoadm(1M) enhancement for FIPS-140 mode [PSARC/2009/347 FastTrack timeout 06/17/2009]
Darren J Moffat
Darren.Moffat at sun.com
Tue Jun 16 02:30:28 PDT 2009
Scott Rotondo wrote:
>>>
>>> 4.3 Interfaces:
>>>
>>> The following new options are added to cryptoadm(1M) sub-commands
>>> cryptoadm list fips-140
>>> cryptoadm enable fips-140
>>> cryptoadm disable fips-140
>
> Very minor issue: People often refer informally to "FIPS mode" rather
> than the more cumbersome FIPS 140 or FIPS 140-2. Unless you expect other
> FIPS standards to apply to the crypto framework, maybe you could save
> users a little typing:
There are other FIPS standards, in particular those that include the
definitions of particular algorithms or PRNG systems.
> cryptoadm list fips
> cryptoadm enable fips
> cryptoadm disable fips
That is what we had originally and I suggested to the team to change it
to fips-140 because there are lots and lots of FIPS standards and this
change to cryptoadm only deals with FIPS 140 not 186 or 86 ... So having
just "fips" is wrong.
--
Darren J Moffat
More information about the opensolaris-arc
mailing list