[14029] in cryptography@c2.net mail archive
Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification
daemon@ATHENA.MIT.EDU (Rich Salz)
Fri Sep 5 16:23:47 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 05 Sep 2003 16:05:07 -0400
From: Rich Salz <rsalz@datapower.com>
To: Joshua Hill <josh-crypto@untruth.org>
Cc: Anton Stiglic <astiglic@okiok.com>, cryptography@metzdowd.com
In-Reply-To: <20030905122658.A15619@delusion.private.untruth.org>
Anton Stiglic:
>>If I'm not mistaken, this would be the first free,
>>open-source, crypto library that has FIPS 140 module certification!
It is the first *source code* certification.
Joshua Hill:
> The two open-source projects that I'm aware of that have FIPS 140 certs
> are The Crypto++ Library, (cert 343, issued today) and The Mozilla
> project's NSS, which was certified by SUN under FIPS 140-1, levels 1
> and 2. (certs 247 and 248).
#343 is certifying a particular windows DLL for which source is
available. Similarly, 247 and 248 are particular instances of Windows
and Solaris libraries. In all three of those cases, you can take the
source and run it on your o/s, but you need to go get re-certified.
The more I think about it, the more amazing this is. Anyone in the world
can now build an SSL/TLS application and be FIPS 140-2L1 certified.
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
