by teacup50 4432 days ago
FIPS is actively harmful to security by virtue of being an empty and ill-conceived certification. Removing FIPS from an otherwise best available option is to the benefit of the industry at large.

By comparison, glossy marketing of a security effort offers no security benefits, and plenty of room within which to hide bad ideas such as FIPS.


As others have said, the technical arguments against FIPS don't mean anything when a huge potential customer requires it.
And huge potential customers don't mean anything to a non-profit open source ecosystem that actually cares about security.
When did Red Hat and Google become non-profits? Did I miss something?
Red Hat and Google can afford to add FIPS to their own Libre SSL if they want to stop using OpenSSL.