[illumos-Developer] webrev: removal of closed kcfd
Garrett D'Amore
garrett at damore.org
Sun Sep 12 13:01:38 PDT 2010
On Sun, 2010-09-12 at 21:46 +0200, Joerg Schilling wrote:
> "Garrett D'Amore" <garrett at nexenta.com> wrote:
>
> > On Sun, 2010-09-05 at 00:15 +0200, Joerg Schilling wrote:
> > > "Garrett D'Amore" <garrett at nexenta.com> wrote:
> > >
> > > > This is a first pass at removing the closed kcfd. It removes the
> > > > daemon, and also does away with all fips and module verification, and
> > > > runs the kernel threads for crypto using lwps in the kernel rather than
> > > > relying on a daemon. (Thanks to richlowe for the suggestion.)
> > > >
> > > > http://mexico.purplecow.org/gdamore/webrev/nokcfd/
> > >
> > > Why did you remove fips?
> >
> > Because you can't have fips without module verification. And you can't
> > have module verification without the closed code or reimplementing the
> > closed code.
> >
> > Furthermore, FIPS is *very* difficult to get right, and requires quite a
> > bit beyond just writing the code. So there's no way we could continue
> > to have a FIPS solution without massive investment.
>
> fips-140 is part of openssl and I've seen that it has been certified. What is
> special with openssl?
I know far more about the particular problems of FIPS 140. The
certification of openssl is limited and different in scope than what was
in KCF. (They chose a much reduced cryptographic boundary, and a lower
level of certification.) Doing the verification also requires expensive
audits, etc. And you can't patch the code without having to resubmit
your changes for review. It's not trivial.
>
> What do you understand by "module verification"? Are you talking about checking
> whether a signed library is unchanged?
Yes.
> Is this code closed source on Solaris?
The verification code is, yes.
- Garrett
>
> Jörg
>