| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Mar 2021 09:51:07 +0200
From: Stephan Mueller <smueller@...onox.de>
To: Randy Dunlap <rdunlap@...radead.org>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
Herbert Xu <herbert@...dor.apana.org.au>,
David Miller <davem@...emloft.net>
Cc: LKML <linux-kernel@...r.kernel.org>
Subject: Re: crypto: FIPS 200 mode
Am Dienstag, dem 30.03.2021 um 15:26 -0700 schrieb Randy Dunlap:
>
> The Kconfig help text for CRYPTO_FIPS says
>
> config CRYPTO_FIPS
> bool "FIPS 200 compliance"
> ...
> help
> This option enables the fips boot option which is
> required if you want the system to operate in a FIPS 200
> certification. You should say no unless you know what
> this is.
>
> This seems confusing to me since it says "compliance" in one place and
> "certification" in another place. And AFAICT, those two words don't
> mean the same thing as far as NIST & FIPS are concerned.
>
>
> Should it say "compliance" in both places? E.g.
>
> help
> This option enables the fips boot option which is
> required if you want the system to operate in FIPS 200
> compliance mode. You should say no unless you know what
> this is.
Sounds good to me.
Ciao
Stephan
>
>
> thanks.
Powered by blists - more mailing lists