
FIPS is actively harmful to security by virtue of being an empty and ill-conceived certification. Removing FIPS from an otherwise best available option is to the benefit of the industry at large.

By comparison, glossy marketing of a security effort offers no security benefits, and plenty of room within which to hide bad ideas such as FIPS.



As others have said, the technical arguments against FIPS don't mean anything when a huge potential customer requires it.


And huge potential customers don't mean anything to a non-profit open source ecosystem that actually cares about security.


When did Red Hat and Google become non-profits? Did I miss something?


Red Hat and Google can afford to add FIPS to their own LibreSSL if they want to stop using OpenSSL.



