OpenSSL *source* to get FIPS 140-2 Level 1 certification

[Wei Dai]

On Sat, Sep 06, 2003 at 07:33:55PM +0100, Ben Laurie wrote:
> Prepare to be very surprised, then.

Do you have *written* guidance from NIST/CSE that your approach is ok?
(Not the testing lab, what they say don't really count in the end, and
neither does what NIST/CSE say verbally.) If so can you please post that
written guidance?

> This is all good fun, coz I'm mandating static libraries for OpenSSL, so
> that the evidential chain can be maintained (its hard to find a DSO in a
> cross-platform manner so you can checksum it).

If NIST/CSE is really allowing OpenSSL source code and static libraries to
be validated, I should go back to them and demand the same treatment for
Crypto++. Who have you been working with on the government's side?

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com