Re: [Fed-Talk] [FIPS 140-2] iOS 6, DAR, DIT and … DOH!
Re: [Fed-Talk] [FIPS 140-2] iOS 6, DAR, DIT and … DOH!
- Subject: Re: [Fed-Talk] [FIPS 140-2] iOS 6, DAR, DIT and … DOH!
- From: Dave Schroeder <email@hidden>
- Date: Sat, 25 May 2013 14:18:09 -0400
On 2013-05-25 11:58, Shawn Geddis wrote:
Now, here's the million dollar question, Shawn:
Wouldn't it be great if Apple could formally document and maintain
all of the kinds of things you have brought up in the last few
messages here -- say, in a KB article -- instead of via semi-regular
dispensations of beatings on fed-talk? ;-)
For what it's worth, the reason people are asking these questions is
-- well, because they're valid questions, and what may be obvious to
you or other people intimately involved and invested in the process
may not be apparent to everyone...
- Dave
Dave,
I couldn't agree more, especially on the beatings! :-)
That is precisely why I have produced the KB Articles, FIPS Installers
and Cryptographic Role Guides for FIPS 140-2 Compliance ever since the
original CDSA/CSP module was validated for Mac OS X Snow Leopard
v10.6.
Oh yes, I should have been a bit more explicit in my response: you have
put together some fantastic documentation, and perhaps there are
legitimate gripes that some who complain haven't read them. But posts
like your "FAQ" tend to answer a lot of questions that people, well,
frequently ask. That's the sort of thing I'd like to see expanded upon.
Additionally, there are some very real questions such as those posed
about what happens when iOS 7 (or whatever) gets released, and in terms
of enforcing a non-upgrade policy across devices, for example. I think
some of these questions are rhetorical in nature, because we know that
with iOS and OS X, what often ends up happening is that we're stuck in
"security purgatory" until the processes-that-be are able to (re)certify
a newer version of the OS. This is not aided by the fact that Apple has
steadfastly chosen to not maintain a formal EOL policy for OSes, iOS and
OS X alike. Bootom like, though it may not have come across that way, my
message was intended to praise your contributions on these topics and to
encourage the development of perhaps something like a robust "FAQ",
which I'm sure would save many people aneurisms, and yourself many
repetitive keystrokes.
:-)
- Dave
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden