On 10/19/2011 6:15 PM, Kevin Chadwick wrote:
I shall have to try and find the time to chase this story to a more technical level. I rarely find the time these days :-(
As far as I can tell, they're implementing an SSL stack that could be approved under NIST and NSA crypto requirements. If they implement RSA and AES with the NIST FIPS 140-2 stamp of approval they could support sensitive but unclassified material. If they implement NSA Suite B (elliptic curve crypto) it could support classified communications.
The "security" described is in terms of cryptographic security for data in flight. It has nothing to do with proper access control policies, protection against mobile malware, kernel integrity, etc. Really this is just a pro-forma step necessary to allow DOD to use Android. For Blackberry, both the OS and the secure email apps have vetted crypto implementations. For Android only the apps have been vetted (a number of secure VOIP and email apps) which is creating a policy hurdle for those wishing to deploy Android within the military.
- tcc -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
