Comment by tptacek
3 years ago
Which "compliance domains" are you thinking of that require FIPS crypto for access VPNs? Be specific, if you can? Thanks!
3 years ago
Which "compliance domains" are you thinking of that require FIPS crypto for access VPNs? Be specific, if you can? Thanks!
Say you were a county social services department. You wish to use Tailscale to microsegment federal tax data (subject to IRS 1075 safeguards requirements) relating to your child support unit from other traffic (say Medicaid enrollment) which does not have that requirement.
I’m pretty confident that you would draw an audit finding for that reason with a pure tailscale solution. (I also think that’s bullshit.)
1075 does not appear to require that access VPNs use FIPS cryptography. Arguably, it would if you were relying exclusively on WireGuard for data protection, but it's uncommon for people to do that (we're WireGuard true believers and we do in places depend on WireGuard authentication and encryption for our security model, but it's a weird enough thing to do that we notice it when we do it).
See section 4.18, control SC-13.
2 replies →
> Be specific, if you can? Thanks!
Too many ChatGPT interactions lately, I suspect.