Nathan Bardsley wrote: > Hello everyone! > > I work for a company that uses OpenSSH/OpenSSL to remotely support > systems we've sold. Since some of our clients are US Dept. of Defense > hospitals, our access to these servers needs to comply with a whole > range of requirements and standards. At this point it's looking like > the SSH daemon needs to be FIPS 140-2 compliant, and the only package > that is certified is F-Secure. > > The other option is for CliniComp to sponser getting OpenSSH/OpenSSL > through the certification process, and that's what I'm exploring. > > I'd really appreciate knowing what the core developers think about this, > and how willing they would be to assisting in the process. I know there > will need to be a fair amount of documentation, and there is no > subsitute for first-hand knowledge. Also, it seems pretty clear that at > least some code changes will be needed including self-tests, a new prng, > and work in the key generation & validation modules. > > While we (CliniComp) do have some resources including technical writers > and programmers, we certainly do not have the expertise in cryptography > to just do it all ourselves. And if this does happen, part of the point > would be for the necessary changes to be rolled back into the standard > package. > > Please understand that right now I'm just exploring possibilities, but > the other option for us is to spend a lot of money on F-Secure licenses. > > I would very much appreciate hearing your thoughts and from anyone else > interested in making this happen.
I'm interested, and would certainly support it. Of course, any changes made would have to fit in with our general view of the world, but unless FIPS 140-2 is completely broken I don't see why that would be a problem. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
