Alright. I'm certainly not suggesting that if you link to a FIPS-certified module, your entire product becomes FIPS-compliant -- as far as I understand, your app still has to go through the same testing procedures, it just doesn't have to go through quite the same crypto validation procedures.
(I do tend to read requirements documents myself; I'm trying to design something to sell to the US government, and I'm endeavoring to make it possible.) I do have another question, though: Is the ASN.1/BER/DER library considered to be part of the crypto library, and thus mandatory to use for ease of certification down the road? -Kyle H On 2/16/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > On Thu, Feb 16, 2006, Kyle Hamilton wrote: > > > Alright. Can you comment on if the source-level API is going to stay > > the same, at least? (If it's going to stay the same, then giving > > details on how to link with a version of OpenSSL that provides that > > API -- even if it's not the "FIPS-certified" version -- would allow > > users to get working on apps that need to make use of the API. If > > it's not, then I won't worry about it. If you can't comment, I'll > > assume it's not guaranteed static.) > > > > Well with the disclaimer than none of this is set in stone... > > The API is likely to stay the same. > > *What* you link to and *how* you do that may change. > > There are also various other things which an application will need to do to be > compliant, it is *not* just a case of successfully entering FIPS mode. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
