Modules are evaluated in specific contexts, though, and the Apple CoreCrypto and CoreCrypto Kernel modules are being evaluated in the context of iOS 6 and OS X 10.8. Prior versions of iOS and OS X will not be applicable to the certificates. I will defer to Shawn Geddis if he chooses to provide any more explanation than this.
-- Walter Rowe, Hosting ServicesEnterprise Systems / OISMEmail: email@hiddenWork: 301-975-2885
On May 1, 2013, at 1:01 PM, William Cerniuk < email@hidden> wrote: Another important factoid, our friends at NIST do not validate operating systems, they validate cryptographic modules. Easy to lose sight of this and then worry about the OS version which is of no consequence. It is all about the module version.
An easy way to think about this is like a computer chip. If the computer chip performed the cryptographic operations, it would be a cryptographic module. You could use that chip in a Mac, an iPhone, a Dell, or in an Infiniti G37 and it does not change the certification. (as long as it is all self contained in the chip) -- R/Wm. On May 1, 2013, at 12:34, Neal Emerald < email@hidden> wrote: Peter,
The comment was to clarify a statement you had made:
"Remember, CoreCrypto is brand new so it hasn't been in OSX" - this made it sound like CoreCrypto is not in 10.8.
The statement was to simply reiterate that CoreCrypto is in OS X 10.8 and is being validated for 10.8. The comment was copied right out of Shawn's e-mail.
My apologies if I misinterpreted your statement.
Regards,
Neal On May 1, 2013, at 9:56 AM, "Link, Peter R." < email@hidden> wrote:
Neal,
I don't understand your comment. 10.8 is the current OSX version, which I assumed would be the version Apple was getting approved. Of course, the modules pdf doesn't state the version so everyone
gets to guess. CoreCrypto was introduced in 10.7 (yes?) but I believe it wasn't necessarily the primary crypto module until 10.8. Either way, I know Shawn has said Apple doesn't seek approvals for previous OS versions simply because it doesn't make sense.
For those people still using 10.6, they can use the current FIPS 140-2 approval because CoreCrypto wasn't introduced yet. It's only the systems that are still at 10.7 that have to upgrade to 10.8 to make use of this approval (and should since 10.8 fixes a
lot of the 10.7 problems).
On Apr 30, 2013, at 7:24 PM, Neal Emerald < email@hidden> wrote:
Peter and company,
On Apr 30, 2013, at 10:00 AM, "Link, Peter R." < email@hidden> wrote:
I'm still around--
Walter is correct. Because it takes so long for the NIST process to complete, there's no reason to even attempt to go backwards. Remember, CoreCrypto is brand new so it hasn't been in OSX
CoreCrypto / CoreCrypto Kernel is being validated for use under OS X 10.8
and was just released in iOS. From what I understand, once CoreCrypto is approved, the next versions will be much easier to get new/upgrade approvals for. With iOS7 coming, getting the original CoreCrypto approved is a huge deal.
I am assuming the other three modules will move to the finalization step by next week or so. Once all four modules have been approved, Mac/iOS users should be able to go to their DAAs, CIOs, and IT managers and declare they are compliant!!!!!
On Apr 30, 2013, at 6:06 AM, "Rowe, Walter" < email@hidden> wrote:
Shawn has posted this many, many, many times now. This covers iOS6 only. No prior iOS version is covered.
--
Walter Rowe, Hosting Services
Enterprise Systems / OISM
Email: email@hidden
Work: 301-975-2885
On Apr 30, 2013, at 8:23 AM, "Milto, Jim W" < email@hidden> wrote:
Thanks this is good news.
So does what iOS versions does this crypto cover? Just the current iOS6? If not how far back?
-----Original Message-----
From: fed-talk-bounces+james.milto=email@hidden [mailto:fed-talk-bounces+james.milto=email@hidden]
On Behalf Of William Cerniuk
Sent: Monday, April 29, 2013 7:11 PM
To: Fed Talk
Subject: [Fed-Talk] NIST & iOS CoreCrypto Kernel Module
Entered stage 5. That is signatures and the assignment of the number. Victory dance on the device encryption!
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94551-0808
email@hidden
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
|