[bind10-dev] BIND10 in FIPS 140-2 environment
JINMEI Tatuya / 神明達哉
jinmei at isc.org
Tue Mar 19 17:29:53 UTC 2013
At Tue, 19 Mar 2013 12:39:53 +0100,
Adam Tkac <atkac at redhat.com> wrote:
> if I understand BIND10 correctly, botan is currently the only supported
> cryptographic library. Although from a developer's point of view it's absolutely OK,
> this decision can have serious consequences for BIND10 in FIPS 140-2 certified
> environments (like governments or financial/health-care companies) because botan
> is not a certified cryptographic library.
>
> May I ask you if there are any plans to port BIND10 to some certified library
> (openssl/nss/libgcrypt)? If not, will you accept a contribution of a patchset which
> will add the possibility to link BIND10 against openssl, for example? Or do you prefer
> to stay with botan, even if it can disable deployment of BIND10 in FIPS 140-2
> environments?

My personal understanding is:

- We don't have a specific plan for supporting crypto libraries other
  than Botan at the moment.
- But we were aware of the need for that, so we generally use Botan via
  our internal wrapper in case we want to switch to another library or make
  the choice configurable.
- And, (in my understanding) we are happy to accept a contributed
  patch to support other libraries. When we can review and integrate
  it would generally be a priority matter, though.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.