On Mon, Sep 15, 2003 at 12:57:55PM -0400, Wei Dai wrote:
I think I may have found such a written guidance myself. It's guidance
G.5, dated 8/6/2003, in the latest Implementation Guidance for FIPS
140-2 on NIST's web site:
http://csrc.nist.gov/cryptval/140-1/FIPS1402IG.pdf. This section
Rich Salz [EMAIL PROTECTED] writes:
Sure, that's why it's *the first.* They have never done this before, and it
is very different to how they (or their Ft Meade experts) have done things
before. I suppose one could argue that they're doing this for Level 1 to
increase the industry demand for
On Mon, Sep 08, 2003 at 10:49:02AM -0600, Tolga Acar wrote:
On a second thought, that there is no key management algorithm
certified, how would one set up a SSL connection in FIPS mode?
It seems to me that, it is not possible to have a FIPS 140 certified
SSL/TLS session using the OpenSSL's
On Fri, Sep 05, 2003 at 04:15:22PM -0400, Anton Stiglic wrote:
You are correct, I just saw Crypto++ in the list of FIPS 140 validated
modules:
http://csrc.nist.gov/cryptval/140-1/140val-all.htm
It is the latest entry, added today.
Congratulations to Wei Dai!
Thanks! Also thanks to Groove
Joshua Hill wrote:
On Fri, Sep 05, 2003 at 04:05:07PM -0400, Rich Salz wrote:
It is the first *source code* certification.
The ability to do this runs counter to my understanding of FIPS 140-2.
. and to experiences with the previous FIPS 140-1 certifications I was
involved in, including
On Fri, Sep 05, 2003 at 06:02:10PM -0400, Wei Dai wrote:
In fact they wouldn't even validate Crypto++ as a
static library despite an earlier verbal agreement that a static
library was ok. It had to be turned into a DLL at the last moment (i.e.
during the review phase).
That's unfortunate.
On Fri, Sep 05, 2003 at 04:05:07PM -0400, Rich Salz wrote:
It is the first *source code* certification.
The ability to do this runs counter to my understanding of FIPS 140-2.
Sure, that's why it's *the first.* They have never done this before,
and it is very different to how they (or their
Joshua Hill wrote:
On Fri, Sep 05, 2003 at 06:02:10PM -0400, Wei Dai wrote:
In fact they wouldn't even validate Crypto++ as a
static library despite an earlier verbal agreement that a static
library was ok. It had to be turned into a DLL at the last moment (i.e.
during the review phase).
Wei Dai wrote:
On Fri, Sep 05, 2003 at 04:15:22PM -0400, Anton Stiglic wrote:
You are correct, I just saw Crypto++ in the list of FIPS 140 validated
modules:
http://csrc.nist.gov/cryptval/140-1/140val-all.htm
It is the latest entry, added today.
Congratulations to Wei Dai!
Thanks! Also
This is termendously exciting. For the first time ever, NIST will be
certifying a FIPS 140 implementation based on the source code. As long
as the pedigree of the source is tracked, and checked at run-time,
then applications can claim FIPS certification.
For details:
++).
And OpenSSL crypto module runs on all kinds of platforms. Really nice!
--Anton
- Original Message -
From: Rich Salz [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 05, 2003 10:50 AM
Subject: OpenSSL *source* to get FIPS 140-2 Level 1 certification
On Fri, Sep 05, 2003 at 01:32:21PM -0400, Anton Stiglic wrote:
If I'm not mistaken, this would be the first free,
open-source, crypto library that has FIPS 140 module certification!
I believe that this is incorrect.
The two open-source projects that I'm aware of that have FIPS 140 certs
12 matches
Mail list logo