Steve Marquess wrote:
Thor Lancelot Simon wrote:
On Thu, Sep 10, 2009 at 06:10:27PM +0200, Dr. Stephen Henson wrote:
> On Wed, Sep 09, 2009, Thor Lancelot Simon wrote:
>
>> On Sat, Aug 29, 2009 at 05:34:04PM -0400, Steve Marquess wrote:
>>
>> That this wasn't the obvious approach from the very beginning
>> speaks worlds about the limitations of the ENGINE interface.
>>
> The actual story of why FIPS is the way it is is rather different.
> I think a few home truths are in order on this and some related
> issues.
... The reality is that OpenSSL, unlike Apache or Linux or OpenSSH or
Cygwin or almost any other significant open source product you care to
think of, has never had any significant corporate backing. ...
I should not have included OpenSSH in this list. I think OpenBSD has
have some recurring government funding but AFAIK OpenSSH proper hasn't.
The point stands though (substitute, say, Samba).
OpenSSH is another missed opportunity example. As a consultant in the
U.S. DoD environment I know that OpenSSH is widely used there in spite
of missing several key features (x.509 and FIPS mode support, native
Windows server). Inclusion of those capabilities would save the U.S.
taxpayer a bundle. Then again, a good part of my consulting income
comes from working around such limitations in open source products and
there must be hundreds of other consultants and companies in the same
position. We all benefit from the largess of the taxpayer when far
fewer total dollars could put the required functionality right in the
product baseline for all to share. Waste comes in many forms.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org