OpenSSL *source* to get FIPS 140-2 Level 1 certification
Rich Salz
rsalz at datapower.com
Fri Sep 5 21:17:14 EDT 2003
> On Fri, Sep 05, 2003 at 04:05:07PM -0400, Rich Salz wrote:
> > It is the first *source code* certification.
>
> The ability to do this runs counter to my understanding of FIPS 140-2.
Sure, that's why it's *the first.* They have never done this before,
and it is very different to how they (or their Ft Meade experts) have
done things before. I suppose one could argue that they're doing
this for Level 1 to increase the industry demand for Level 2,
but I'm not that paranoid. I think they finally "get it." Also,
while I don't know anything beyond what's in the public email, but
based on the initial refeference platform I'll jump to some conclusions
about who's involved, and they're folks with a great deal of credibility,
experience, and influence in export and govt crypto issues.
Anyhow, if you are interested in details, read the articles (3 at
last check) in the thread from the original URL I posted. You did
read before posting, right? :)
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list