I haven't made any announcements for some time because there has been
nothing to announce. We're still waiting. The last inquiries from the
CMVP, which seemed fairly routine and minor, were all (I believe)
satisfactorily responded to as of September 9. I have no indications
that the CMVP is deliberately delaying or rejecting this submission --
it is after all very similar to the previously validated submission
#918, only cleaner and tighter. I also have no indications that the
submission is currently under active review or when we may expect any
information on its status. Experience has shown that status inquiries
directed at the CMVP are counterproductive at best, so I'm in the dark.
To those companies and individuals I'm hearing from almost daily with
pending plans to use this validation, I'm sorry, I wish I could be more
helpful. A couple of months ago I was fairly confident that we would
have it Real Soon Now. Very similar to the prior validation, no
political opposition this time that I know of, cleaner tighter code and
documentation, pending validation backlog reportedly normal, what could
go wrong?
The shortest FIPS 140-2 validation I've participated in took about three
months, the longest over five years. So my current prediction is that
this validation will be awarded no later than April 2013. About the
time OpenSSL 1.6 is released :-)
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
