OpenSSL *source* to get FIPS 140-2 Level 1 certification
Thor Lancelot Simon
tls at rek.tjls.com
Mon Sep 15 13:25:02 EDT 2003
On Mon, Sep 15, 2003 at 12:57:55PM -0400, Wei Dai wrote:
>
> I think I may have found such a written guidance myself. It's guidance
> G.5, dated 8/6/2003, in the latest "Implementation Guidance for FIPS
> 140-2" on NIST's web site:
> http://csrc.nist.gov/cryptval/140-1/FIPS1402IG.pdf. This section seems
> especially relevant:
>
> For level 1 Operational Environment, the software cryptographic module
> will remain compliant with the FIPS 140-2 validation when operating on
> any general purpose computer (GPC) provided that:
>
> a. the GPC uses the specified single user operating system/mode
> specified on the validation certificate, or another compatible single
> user operating system, and
>
> b. the source code of the software cryptographic module does not
> require modification prior to recompilation to allow porting to another
> compatible single user operating system.
> (end quote)
>
> The key word here must be "recompilation". The language in an earlier
Unfortunately, another key set of words is "single user". This would seem
to significantly limit the value of a software-only certification...
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list