[30766] in Kerberos
Re: FIPS certification
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Sat Feb 28 00:47:33 2009
From: Ken Raeburn <raeburn@MIT.EDU>
To: Randy Turner <rturner@amalfisystems.com>
In-Reply-To: <4B9CCCB7-39A7-4783-8C2F-64DFCE1E36E0@amalfisystems.com>
Message-Id: <EFF8FF6C-A655-4F1B-A28B-9DCC830BAA67@mit.edu>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Sat, 28 Feb 2009 00:46:48 -0500
Cc: kerberos@MIT.EDU
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@MIT.EDU
On Feb 28, 2009, at 00:29, Randy Turner wrote:
> I haven't completely analyzed MIT Kerberos, but I was wondering if
> it would be possible to get the MIT Kerberos subsystem to use the
> OpenSSL crypto API for any cryptographic support needed for Kerberos?
Not trivially. There's no reason it couldn't be adapted to the
OpenSSL crypto API (or the Apple CommonCrypto API, or anybody else's,
providing they provide all the basic functions), and it's been
discussed before, but the work hasn't been done yet.
> I'm assuming that MIT Kerberos has not been FIPS certified.
That's correct.
Ken
--
Ken Raeburn, Senior Programmer Analyst
MIT Kerberos Consortium http://www.kerberos.org/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
