On 06.06.2012, at 01:07, Anthony Liguori wrote:

> On 06/06/2012 06:06 AM, Paul Moore wrote:
>> On Tuesday, June 05, 2012 11:51:40 PM Alexander Graf wrote:
>>> On 05.06.2012, at 23:45, Paul Moore wrote:
>>>> On Tuesday, June 05, 2012 03:08:26 AM Alexander Graf wrote:
>>>>> Which gets me to a new idea. Why not exit(1) when we detect FIPS and a
>>>>> password is set? I agree with the assessment that we should never
>>>>> silently drop features. So the best way to make sure that the user knows
>>>>> he did something stupid (enable FIPS, but require a non-FIPS compliant
>>>>> authentication method) would be to just quit, no?
>>>>
>>>> That is basically what the patch does now. In vnc_display_open() if it
>>>> detects that the user has supplied a VNC password it prints an error to
>>>> stderr and returns an error which causes QEMU to exit.
>>>>
>>>> The error message displayed is shown below:
>>>>
>>>> "VNC password auth disabled due to FIPS mode, consider using the VeNCrypt
>>>> or SASL authentication methods as an alernative"
>>>>
>>>> ... which seems pretty obvious to me. If anyone would prefer something
>>>> different, let me know.
>>>
>>> No, as long as the spelling is actually correct and not the one above,
>>> that's perfectly fine.
>>
>> What, not a fan of my "alernative" spelling? Fixed in the next version of
>> the patch :)
>>
>>> I just have a habit of not reading the patches I comment on :).
>>
>> If nothing else, it makes the discussions much more interesting :)
>>
>>>> On Tuesday, June 05, 2012 09:23:04 AM Anthony Liguori wrote:
>>>>> I think my primary requirement is: allow a user to use vnc authentication
>>>>> even when fips mode is active by using some command line option.
>>>>
>>>> I'll agree that FIPS mode can be a bit silly in the case of QEMU and VNC
>>>> but to be honest, that requirement above seems just as silly to me, if
>>>> not more so. However, if making this behavior optional is what it takes
>>>> to get the patch accepted, so be it.
>>>>
>>>> I'll start working on v4 of the patch tomorrow.
>>>
>>> Let's just wait for Anthony to reply ...
>>
>> Fine with me, I've got plenty else to do in the meantime and I don't think
>> this is 1.1 material anyway.
>
> What's the actual requirement from FIPS for applications?

If I understood Roman correctly, there are 2 puzzle pieces to this. One (whose name I forgot) is responsible for making sure you use encryption at all, which authentication methods (retina scan, fingerprint, etc) are allowed and so forth. The other one (FIPS) is basically a list of encryption algorithms that are deemed OK and not crackable within seconds by anyone. Only one of the 2 doesn't help much. In combination they actually enhance security. This patch is only about FIPS though.

Alex
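
The fail-closed behaviour discussed in this thread (refuse to start rather than silently drop VNC password auth under FIPS), as an added example that is not part of the original messages or of the QEMU patch. The function names `fips_enabled_at` and `vnc_check_password_auth` are hypothetical, and reading the Linux flag file `/proc/sys/crypto/fips_enabled` is an assumption about how FIPS mode is detected.

```c
#include <stdio.h>

/* Assumption: Linux exposes the kernel FIPS flag in this file; it is
 * absent on kernels built without FIPS support. */
#define FIPS_FLAG_PATH "/proc/sys/crypto/fips_enabled"

/* Returns 1 if the flag file at `path` starts with '1', otherwise 0. */
int fips_enabled_at(const char *path)
{
    FILE *f = fopen(path, "r");
    int c;

    if (!f) return 0;           /* no flag file: not in FIPS mode */
    c = fgetc(f);
    fclose(f);
    return c == '1';
}

/* Hypothetical stand-in for the check described for vnc_display_open().
 * Returns 0 if the display may start, -1 if startup must be refused.
 * On refusal the reason is written to `err`, so the caller can print it
 * and exit instead of silently running without the requested auth. */
int vnc_check_password_auth(int fips, const char *password,
                            char *err, size_t errlen)
{
    if (fips && password && password[0] != '\0') {
        snprintf(err, errlen,
                 "VNC password auth disabled due to FIPS mode, consider "
                 "using the VeNCrypt or SASL authentication methods as "
                 "an alternative");
        return -1;
    }
    if (errlen > 0) err[0] = '\0';
    return 0;
}

int main(void)
{
    char err[160];
    const char *password = "constructed-sample";   /* constructed input */

    if (vnc_check_password_auth(fips_enabled_at(FIPS_FLAG_PATH), password,
                                err, sizeof err) < 0) {
        fprintf(stderr, "%s\n", err);
        return 1;               /* refuse to start, as the thread proposes */
    }
    puts("VNC password auth permitted");
    return 0;
}
```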