If a vendor backdoors a product, and it is discovered by a researcher, why would an org EVER trust that vendor again?
@attritionorg no, but fips 140 was a requirement and the only vendor allowed to supply the implementation that was certified was rsa bsafe
@bertjwregeer so 2 documents/requirements would show that ultimately? can you send me links?
@attritionorg nope, this is not a public project.
@bertjwregeer FIPS-140 is public... no?
@attritionorg yes, but the contract requiring rsa's bsafe implementation of fips 140 crypto is not public.
@bertjwregeer that contract from the gov? if so, maybe open to FOIA?
@attritionorg I wish it was open to scrutiny. Most of the requirements are insane/stupid and make no sense!
@bertjwregeer i have no doubt .gov bureaucracy has created that exact situation. would love to see it exposed
End of conversation
New conversation
@attritionorg due to extra testing and validation it had undergone.