• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Fed-Talk] Apple CoreCrypto FIPS Status
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] Apple CoreCrypto FIPS Status

  • Subject: Re: [Fed-Talk] Apple CoreCrypto FIPS Status
  • From: "Link, Peter R." <email@hidden>
  • Date: Tue, 05 Mar 2013 17:18:59 +0000
  • Thread-topic: [Fed-Talk] Apple CoreCrypto FIPS Status
John,

from previous email from Shawn---

To restate quickly here for you again what I have noted a few times on the list before.....

** OSX *** Will be covered by
Service Crypto module Apple's FIPS 140-2 Validation
• FIleVault 2  CoreCrypto Kernel YES
• TLS/SSL CoreCrypto YES - *IF* using FIPS Approved Algorithms
• S/MIME CoreCrypto YES - *IF* using FIPS Approved Algorithms
• SSH (OpenSSH) Uses OpenSSL  NO
• SSL (OpenSSL) Uses its Own Crypto NO
• Heimdal Kerberos Uses its Own Crypto NO
• ...

How about the SSL provided in OS X Server web server?

Apache uses OpenSSL --> No.

How about the SSL embedded in Safari and Mobile Safari?

There is no SSL embedded in Safari or Mobile Safari.  That would indicate a misunderstanding of the architecture.  Safari relies on built-in OS services such as SecureTransport / CFNetwork / etc. which all use the CoreCrypto module.

How about the device encryption on iOS devices?

Yes.  CoreCrypto Kernel.


- Shawn

***from Peter

CoreCrypto is already being used by OSX. It is the default crypto module for most Apple applications. Third-party applications can still use other modules and have to get FIPS certification for those separately from what Apple is doing.


On Mar 5, 2013, at 9:06 AM, "Oliver, John N JR CTR SPAWARSYSCEN-PACIFIC, 53223"
 <email@hidden>
 wrote:

Actually, I was thinking more along the lines of, when is CoreCrypto going to be the default out-of-the-box?  When does the old OpenSSL go away?

-----Original Message-----
From: fed-talk-bounces+john.n.oliver.ctr=email@hidden [mailto:fed-talk-bounces+john.n.oliver.ctr=email@hidden] On Behalf Of Neely, Lee
Sent: Tuesday, March 05, 2013 8:32 AM
To: Link, Peter R.; Apple Fed-Talk
Subject: Re: [Fed-Talk] Apple CoreCrypto FIPS Status

John-

What you're really looking for is information on what needs to be configured (and how) to meet/pass.  Apple has indicated they will publish information after the certification completes. I'm hoping (and I think Peter hints at it as well) the impact is nominal, or even trivial.



Lee

Lee Neely, CISSP, CCUV



Lawrence Livermore National Laboratory

Cyber Security Program

7000 East Ave L-315

Livermore, CA, 94551



( Phone: +1 (925) 422-0140

( Mobile :  +1 (925) 321-0087

* email@hidden







From: fed-talk-bounces+neely1=email@hidden [mailto:fed-talk-bounces+neely1=email@hidden] On Behalf Of Link, Peter R.
Sent: Tuesday, March 05, 2013 8:25 AM
To: Apple Fed-Talk
Subject: Re: [Fed-Talk] Apple CoreCrypto FIPS Status



too early, too many typos---



Depends on what you mean by deployment. The software is already there and the only "deployment" feature would be an upgraded FIPS application that would check that everything has started up properly, which generates a report you can use for any auditors. I don't believe Apple is adding any modules that don't already exist. The FIPS certification is simply that, a certification that the modules are working properly.



On Mar 5, 2013, at 7:48 AM, "Oliver, John N JR CTR SPAWARSYSCEN-PACIFIC, 53223" <email@hidden> wrote:





Do we have any idea what that means as far as a potential timetable to actual deployment?

-----Original Message-----
From: fed-talk-bounces+john.n.oliver.ctr=email@hidden <mailto:fed-talk-bounces+john.n.oliver.ctr=email@hidden>  [mailto:fed-talk-bounces+john.n.oliver.ctr=email@hidden] On Behalf Of Rowe, Walter
Sent: Tuesday, March 05, 2013 6:10 AM
To: email@hidden
Subject: [Fed-Talk] Apple CoreCrypto FIPS Status

All four of Apple's CoreCrypto modules are in the "Coordination" phase according to the March 4th, 2013 CMVP report (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf).

* Apple iOS CoreCrypto Module
* Apple iOS CoreCrypto Kernel Module
* Apple OS X CoreCrypto Module
* Apple OS X CoreCrypto Kernel Module

Walter

--
Walter Rowe, System Hosting
Enterprise Systems / OISM
email@hidden
301-975-2885

_______________________________________________





_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94551-0808
email@hidden



 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >[Fed-Talk] Apple CoreCrypto FIPS Status (From: "Rowe, Walter" <email@hidden>)
 >Re: [Fed-Talk] Apple CoreCrypto FIPS Status (From: "Link, Peter R." <email@hidden>)
 >Re: [Fed-Talk] Apple CoreCrypto FIPS Status (From: "Link, Peter R." <email@hidden>)
 >Re: [Fed-Talk] Apple CoreCrypto FIPS Status (From: "Neely, Lee" <email@hidden>)

  • Prev by Date: Re: [Fed-Talk] Apple CoreCrypto FIPS Status
  • Next by Date: Re: [Fed-Talk] Apple CoreCrypto FIPS Status
  • Previous by thread: Re: [Fed-Talk] Apple CoreCrypto FIPS Status
  • Next by thread: Re: [Fed-Talk] Apple CoreCrypto FIPS Status
  • Index(es):
    • Date
    • Thread