Flaws in OpenSSL FIPS Object Module
Steven M. Bellovin
smb at cs.columbia.edu
Mon Dec 10 14:49:44 EST 2007
On Mon, 10 Dec 2007 11:27:10 -0500
Vin McLellan <vin at theworld.com> wrote:
>
> What does it say about the integrity of the FIPS program, and its
> CMTL evaluation process, when it is left to competitors to point out
> non-compliance of evaluated products -- proprietary or open source --
> to basic architectural requirements of the standard?
>
"Integrity" or "ability"? We all know that finding problems in code or
architecture is *very* hard.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list