This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
[PATCHv2] manual/crypt.texi: Mention FIPS 140-2 compliance and Secure RPC.
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: libc-alpha at sourceware dot org, Roland McGrath <roland at hack dot frob dot com>
- Date: Thu, 03 Oct 2013 16:55:42 -0400
- Subject: [PATCHv2] manual/crypt.texi: Mention FIPS 140-2 compliance and Secure RPC.
- References: <524CDC85 dot 5080000 at redhat dot com> <20131003195345 dot B942E2C070 at topped-with-meat dot com>
On 10/03/2013 03:53 PM, Roland McGrath wrote:
>> +@cindex AUTH_DES
>
> @vindex for an identifier.
Fixed.
>> +@cindex FIPS 140-2
>> It also provides support for Secure RPC, and some library functions that
>> -can be used to perform normal DES encryption.
>> +can be used to perform normal DES encryption. The use of DES when
>> +using @code{AUTH_DES} in Secure RPC for authentication as provided by
>> +@theglibc{} is not FIPS 140-2 compliant nor is any other use of DES
>> +within @theglibc{}. It is recommended that Secure RPC should not be used
>> +for systems that need to be FIPS 140-2 compliant since all forms of
>> +supported authentication use normal DES.
>
> Two spaces between sentences. "is not FIPS 140-2 compliant" is a bit
> awkward, especially since to my eye it should be "blah-compliant" rather
> than "blah compliant". I think "does not comply with FIPS 140-2" works
> better (and "need to comply with FIPS 140-2" later).
It's `blah-compliant' if it is a compound adjective modifying a noun
e.g. FIPS 140-2-compliant cryptography. The same rules apply for
command-line vs. command line.
In this case I was specifically talking about compliance without modifying
a noun. However, your recommendation is better than the original wording.
Better?
v2
- Use @vindex for AUTH_DES
- Two spaces between sentences.
- Rewrote awkward sentence structure.
- Looked up what ONC+ calls AUTH_DES and it says "authentication flavor"
therefore use "flavor".
2013-10-03 Carlos O'Donell <carlos@redhat.com>
* manual/crypt.texi (Cryptographic Functions): Using SunRPC and
AUTH_DES will prevent FIPS 140-2 compliance. Add vindex for
AUTH_DES and cindex for FIPS 140-2.
(DES Encryption): Add cindex FIPS 46-3.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5423c05 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -30,8 +30,15 @@ message-digest algorithm that is compatible with modern BSD systems,
and the other based on the Data Encryption Standard (DES) that is
compatible with Unix systems.
+@vindex AUTH_DES
+@cindex FIPS 140-2
It also provides support for Secure RPC, and some library functions that
-can be used to perform normal DES encryption.
+can be used to perform normal DES encryption. The @code{AUTH_DES}
+authentication flavor in Secure RPC, as provided by @theglibc{},
+uses DES and does not comply with FIPS 140-2 nor does any other use of DES
+within @theglibc{}. It is recommended that Secure RPC should not be used
+for systems that need to comply with FIPS 140-2 since all flavors of
+encrypted authentication use normal DES.
@menu
* Legal Problems:: This software can get you locked up, or worse.
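Review bot: In the added sentence "uses DES and does not comply with FIPS 140-2 nor does any other use of DES within @theglibc{}", two separate claims are run together with no comma before "nor", and "any other use of DES" leaves the reader to infer that it covers the DES-based algorithm named in the unchanged context lines just above as well as the "normal DES encryption" functions. Suggest splitting it into two sentences and naming those uses explicitly. The recommendation that follows is also broader than its stated reason: it says Secure RPC should not be used at all, while the rationale is only that "all flavors of encrypted authentication use normal DES"; either scope the advice to the encrypted authentication flavors or say why the whole facility is ruled out. "It is recommended that Secure RPC should not be used" doubles the modal; "Secure RPC should not be used on systems that need to comply with FIPS 140-2" reads more directly.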
@@ -203,6 +210,7 @@ header @file{crypt.h}.
@node DES Encryption
@section DES Encryption
+@cindex FIPS 46-3
The Data Encryption Standard is described in the US Government Federal
Information Processing Standards (FIPS) 46-3 published by the National
Institute of Standards and Technology. The DES has been very thoroughly
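Review bot: The new "@cindex FIPS 46-3" entry under "@section DES Encryption" indexes the standard that defines DES, but this section gets no pointer to the FIPS 140-2 statement added in the first hunk, so a reader who arrives here through the index or the menu will not see that these functions do not comply. Suggest adding "@cindex FIPS 140-2" here as well, or a one-sentence cross-reference back to the introductory paragraph, so the compliance note is reachable from the section that documents the DES functions themselves.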
---
Cheers,
Carlos.