OpenSSL *source* to get FIPS 140-2 Level 1 certification
Wei Dai
weidai at weidai.com
Sat Sep 6 15:33:44 EDT 2003
On Sat, Sep 06, 2003 at 07:33:55PM +0100, Ben Laurie wrote:
> Prepare to be very surprised, then.

Do you have *written* guidance from NIST/CSE that your approach is ok?
(Not the testing lab, what they say doesn't really count in the end, and
neither does what NIST/CSE say verbally.) If so can you please post that
written guidance?

> This is all good fun, coz I'm mandating static libraries for OpenSSL, so
> that the evidential chain can be maintained (it's hard to find a DSO in a
> cross-platform manner so you can checksum it).

If NIST/CSE is really allowing OpenSSL source code and static libraries to
be validated, I should go back to them and demand the same treatment for
Crypto++. Who have you been working with on the government's side?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com