> On Fri, Sep 05, 2003 at 04:05:07PM -0400, Rich Salz wrote: > > It is the first *source code* certification. > > The ability to do this runs counter to my understanding of FIPS 140-2.
Sure, that's why it's *the first.* They have never done this before, and it is very different to how they (or their Ft Meade experts) have done things before. I suppose one could argue that they're doing this for Level 1 to increase the industry demand for Level 2, but I'm not that paranoid. I think they finally "get it." Also, while I don't know anything beyond what's in the public email, but based on the initial refeference platform I'll jump to some conclusions about who's involved, and they're folks with a great deal of credibility, experience, and influence in export and govt crypto issues. Anyhow, if you are interested in details, read the articles (3 at last check) in the thread from the original URL I posted. You did read before posting, right? :) /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]