[xyzzy123]

This is a great start. More or less all web sites are technically non-compliant with Australian government security standards (ISM) because TLS has diverged so widely from NIST and those standards dictate NIST approved cryptography.

Nobody cares, of course, but it causes pointless conversations and wasted time with auditors.

[tptacek]

I'm just pointing it out because I once confidently stated that Curve25519 illustrates everything that is wrong with FIPS, which would, on principle, never accept it, and was thoroughly served with the existence of this document. :)

(FIPS is very bad).

[xyzzy123]

I just want to run a "best-practice-ish" TLS setup and have that be compliant :(

Re: FIPS, agree that it is fractally bad [Fully realise I am preaching to choir].

The funny/sad part is that there are financial incentives to be able to say "yes" to customers inquiring about "FIPS compliance" which perpetuates the sham. Service providers (e.g. Amazon, Azure) then necessarily apply "compliance lawyering" (selective interpretation and omission) to give themselves a tick in the box. They can get away with this because their customers are also only pretending to care.

All this serves to create a false impression that "FIPS compliance" might be a real property of nontrivial systems rather than a form of expensive signalling.

I had a longer rant about that here: https://news.ycombinator.com/item?id=15215756