On 13 Aug 2014, at 8:53 am, Oren <theore...@hotmail.com> wrote:

> Hi,
> Anything you can do will be appreciated.
> Regarding the FIPS concern, I hear you but it's never really that black and
> white.
> One way to look on it is as follows:
> 1) Allowing pacemaker to compile with OpenSSL and without GnuTLS (original
> post)

Without gnutls is (or should be) certainly possible. The relevant #ifdefs should be in place to allow this.
Compiling with openssl, that's a less certain prospect - I can't imagine it's a drop-in replacement.

I wouldn't object to a patch if someone proposed one, but it's not something I can imagine I will spend significant time on myself.
It's certainly not a requirement that I've heard from anyone else so far. If that changes, I would certainly look at re-prioritizing it.

> 2) Making pacemaker a FIPS approved software
> Alt. 1 is Practical; Common (e.g., freetds RPM); Natural and Extends package
> "availability"
> (FIPS customers that are not allowed to use GnuTLS will have pacemaker in the
> gray area rather than black)
> Alt. 2 is Expensive; Takes time; but gains Certificated and Business
> motivated.
>
> The less secure claim is also gray.

These days it seems prudent to be suspicious whenever a particular government and cryptography are mentioned in the same sentence.
Especially when they are mandating the "one true version" of a piece of software to be used everywhere.

> Major security fixes are nowadays released quickly (e.g., heartbleed).
> Anyway, how users handle bugs in FIPS env. is not an HA community concern.
> Best,
> Oren
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org