On Fri, 11 Jan 2002, Carlos mario Ospina Anzola wrote: > That's Right, We're willing to use OPENCA as our certification software. > > My company is the first Certification Authority under the colombian law. An > one of the law requirement is that the cryptographic module compliants with > fips 140.
OK. That's normal. What is called cryptographic module is not OpenSSL in itself, it's the token that generates and operates the private keys used by your CA. You should take a look at the 'engines' supported by OpenSSL, these are hardware tokens, and I'm sure some of them have been FIPS140-1 evaluated. That way you could use OpenSSL (OpenCA) and still be compliant with your law. > ----- Original Message ----- > From: "Jeffrey Burgoyne" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, January 11, 2002 9:38 AM > Subject: Re: FIPS 140 > > > > > > I believe (as this question has been asked before) that FIPS-140 is also > > machine/OS specific and would have to performed for every new > > version. The fact is, FIPS-140 compliance as it stands now makes little > > sense for openssl. It is really proving to be a challenege for a company i > > know developing a Java based product. > > > > Jeff > > > > On Fri, 11 Jan 2002, Erwann ABALEA wrote: > > > > > On Thu, 10 Jan 2002, Carlos mario Ospina Anzola wrote: > > > > > > > Anybody knows if openssl is FIPS 140-2 compliant? > > > > > > > > I want to use it at work, but the law request a cryptographic module > that > > > > should be FIPS 140-2 compliant. > > > > > > OpenSSL is free software in development, and to obtain a FIPS > validation, > > > someone has to pay a lot of $$. > > > > > > So no, OpenSSL is not FIPS xxx-yyy compliant, whatever xxx and yyy are. > > > > > > You can pay to let OpenSSL go through the process of FIPS validation, if > > > you want... > > > > > > -- > > > Erwann ABALEA > > > [EMAIL PROTECTED] > > > RSA PGP Key ID: 0x2D0EABD5 > > > ----- > > > ``The value of a technical conversation is inversely proportional > > > to how well the participants are dressed.'' > > > Larry McVoy > > > > > > ______________________________________________________________________ > > > OpenSSL Project http://www.openssl.org > > > User Support Mailing List [EMAIL PROTECTED] > > > Automated List Manager [EMAIL PROTECTED] > > > > > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > -- Erwann ABALEA [EMAIL PROTECTED] RSA PGP Key ID: 0x2D0EABD5 ----- "Computers are useless. They can only give you answers" - Pablo Picasso ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
