Re: [Fed-Talk] Re: CMV/CAVP Process Clarification
Re: [Fed-Talk] Re: CMV/CAVP Process Clarification
- Subject: Re: [Fed-Talk] Re: CMV/CAVP Process Clarification
- From: Paul Suh <email@hidden>
- Date: Wed, 12 Oct 2011 16:01:58 -0400
Folks,
Please file bugs. Seriously.
We can talk to our friends in Apple engineering at length about an issue, but if we don't file Radar bugs they're not going to do anything about it. Same applies to talking to/e-mailing/otherwise communicating with Shawn. He'll take the feedback to Cupertino and they'll listen, but that pales next to the attention that a Radar bug with a customer impact of $XX million in lost sales will get. Put your dollar figure in your bug report. They read the reports, believe me. Talking about stuff on this list doesn't have any real effect on decisions in Cupertino.
Once engineering management knows about the customer impacts, they can devote more resources to fix the problem. This includes submitting more modules to the FIPS process and pushing things through the pipeline faster.
Let's make it easy for everyone:
https://bugreport.apple.com/
Click on the URL and sign in. File your bug. Include the number from your budget that won't get spent on Apple equipment because of FIPS certification issues. That wasn't so hard, was it?
Your bug will probably be marked as a dupe and closed. This is OK. The volume of dupes is one metric that they use to see how many people are being affected by a bug. Cherish the glow of satisfaction that comes you've done something that makes a difference, rather than just venting about the issue.
--Paul
Paul Suh
email@hidden
(240) 672-4212
http://ps-enable.com/
On Oct 12, 2011, at 9:39 AM, Link, Peter R. wrote:
> Paul,
> Thank you for your concern. We're pestering Shawn because he is the Apple contact for encryption. Filing a bug won't get approvals through NIST any faster. All we're asking for are explanations and status (more in depth status that what we can get from NIST). We have received this information, especially when I offer (slightly) incorrect information and Shawn is gracious enough to politely correct me. We understand Apple is reengineering their encryption modules and, as of this week, know Apple is not going to submit some modules to NIST for FIPS 140-2 validation (including FileVault 2). This will have an impact on all government Mac users and we're going to have to find a way to deal with it.
>
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden