>> FIPS validated cryptography is mandated on endpoints which handle >> sensitive information by the US Federal Government (though current >> practice includes "procurement", not necessarily "implementation").
> Thanks David and kyle for your time. > Kyle, > "though current practice includes "procurement", not necessarily "implementation" > I did not understand the above statement? Can you elaborate.. He means that FIPS-validated cryptography is mandated, by current practice, when cryptographic solutions are procured and not necessarily when they are implemented. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org