[14130] in cryptography@c2.net mail archive
Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification
daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Sep 9 19:28:41 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 10 Sep 2003 00:25:37 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Tolga Acar <t.acar@computer.org>
Cc: cryptography@metzdowd.com
In-Reply-To: <3F5CF2DF.1070107@computer.org>
Tolga Acar wrote:
> Well, that is sort of my point.
> SHA1 is not a signature algorithm, sha1-with-rsa is, and that RSA is not
> a certified algorithm in OpenSSL's FIPS 140 certification,
> sha1-with-rsa isn't, either.
> Perhaps, my understanding of the OpenSSL FIPS 140 certification is not
> entirely accurate.
My fault. RSA is not validated (there are no validation tests for it),
but it will be in the code we are submitting for certification.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
