Flaws in OpenSSL FIPS Object Module

Steven M. Bellovin smb at cs.columbia.edu
Mon Dec 10 14:49:44 EST 2007

On Mon, 10 Dec 2007 11:27:10 -0500
Vin McLellan <vin at theworld.com> wrote:

> What does it say about the integrity of the FIPS program, and its
> CMTL evaluation process, when it is left to competitors to point out
> non-compliance of evaluated products -- proprietary or open source --
> to basic architectural requirements of the standard?

"Integrity" or "ability"?  We all know that finding problems in code or
architecture is *very* hard.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb

