As always, if you don't know or care what FIPS 140-2 is then count
yourself lucky and move on (in this case, count yourself *very* lucky).

We have -- we think -- a workaround for the "hostage" issue that was
blocking the addition of new platforms to the OpenSSL FIPS module
validation via "change letter" updates. That issue impacted several
platform updates that were already in process (the "hostages").

The workaround is messy, ugly, and complex in the finest tradition of
bureaucratic molehill-to-mountain obfuscation. An attempt to describe it
can be found here:

  http://openssl.com/fips/ransom.html

The TL;DR is that the current #1747 validation becomes three validations
that share the same OpenSSL FIPS module (more or less). So, actual use
and deployment of the FIPS module will be the same as before and all
previously tested platforms remain available (that's the big win).
Compliance paperwork will require some careful attention to the multiple
validations which will overlap the same module (the downside). Confusion
is inevitable, feel free to post questions to this list.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to