Security Policy: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
Line 15: Line 15:




== Results of FIPS 140-2 Level 2 Validation of NSS Cryptographic Module 3.11.5 ==
<table width="100%" border="1" cellspacing="2" cellpadding="2">
          <tr>
            <td valign="Top" align="Center"><font size="+1"><b>FIPS 140-2<br>Section<br>
            </b></font></td>
            <td valign="Top" align="Center"><font size="+1"><b>Description<br>
            </b></font></td>
            <td valign="Top" align="Center"><font size="+1"><b>Validation<br>      Level <br>Obtained<br>


            </b></font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">1.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Cryptographic Module Specification<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">2.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Cryptographic Module Ports and Interfaces<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">3.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Roles, Services, and Authentication<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">4.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Finite State Model<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">5.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Physical Security<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">6.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Operational Enviroment<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">7.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Cryptographic Key Management<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">8.0<br>
            </font></td>
            <td valign="Top"><font size="+1">EMI/EMC<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">9.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Self-Tests<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2</font><br>
            </td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">10.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Design Assurance<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
            <tr>
            <td valign="Top" align="Left"><font size="+1">11.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Mitigation of Other Attacks<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">C<br>
            </font></td>
            <td valign="Top"><font size="+1">Cryptographic Module Security Policy<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
</table>


== Platform List ==
== Platform List ==

Revision as of 20:53, 23 March 2007

This is a draft document.

Security Policy


Authentication Policy

Platform List

  • Level 1
    • Red Hat Enterprise Linux 4 x86
    • Windows XP Service Pack 2
    • 64-bit Solaris 10 AMD64
    • HP-UX B.11.11 PA-RISC
    • Mac OS X 10.4
  • Level 2
    • Red Hat Enterprise Linux 4 x86_86
    • 64-bit Trusted Solaris 8 SPARC

References

[1] P. Kocher, "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems," CRYPTO '96, Lecture Notes In Computer Science, Vol. 1109, pp. 104-113, Springer-Verlag, 1996. (http://www.cryptography.com/timingattack/)

[2] D. Boneh and D. Brumley, "Remote Timing Attacks are Practical," http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html.

[3] C. Percival, "Cache Missing for Fun and Profit," http://www.daemonology.net/papers/htt.pdf.

[4] N. Ferguson and B. Schneier, Practical Cryptography, Sec. 16.1.4 "Checking RSA Signatures", p. 286, Wiley Publishing, Inc., 2003.

Retrieved from "https://wiki.mozilla.org/index.php?title=Security_Policy&oldid=52835"