Other OpenSSL-based crypto modules FIPS 140 validated?
Ben Laurie
ben at algroup.co.uk
Tue Oct 7 17:03:44 EDT 2003
Peter Gutmann wrote:
> "Nathan P. Bardsley" <nathan at player.org> writes:
>
>
>>Anecdotally, I've heard that there are many, but almost all of them were done
>>by vendors for embedding in their proprietary products.
>
>
> Ditto. The problem is that when vendors have spent $100K+ on the
> certification, they're very reluctant to give anyone else (and specifically
> their competitors) the benefits of their expenditure, so you end up getting
> the same thing re-certified over and over for private use, rather than a
> single generally-usable version being certified.
Which is, of course, what we are trying to fix. And yeah, there are
others using OpenSSL. And if they don't say so, they're in breach of the
licence.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list