.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
approves the revised version that was
submitted last Thursday. That will take perhaps another week, then the
software vendors will need to rework their applications accordingly.
Only then will you have patches to apply.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED
with the new
algorithm and FIPS 140-2 certificate numbers and the digest given above,
but the build/install instructions will not change.
-Steve M.
--
Steve Marquess
Open Source Software institute
[EMAIL PROTECTED]
__
OpenSSL
for the purpose of modifying the
default OpenSSL FIPS Object Module build is not going to be considered
acceptable.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
__
OpenSSL Project
be used as-is, only that the integrity of
fipscanister.o be verified at application link time with respect to
fipscanister.o.sha1. So yes, you can perform that double link in
another equivalent fashion.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED
Kyle Hamilton wrote:
As has been mentioned numerous times by Steve Marquess, the FIPS
validation process is fraught with peril. It is entirely, from what I
gather, rather like playing Chutes Ladders with a constantly-changing
board.
I have been holding off on making any announcements
very much!!
Please see http://www.openssl.org/docs/fips/ for the User Guide
(appendix B in particular) and sample test vectors.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
__
OpenSSL Project
for the show of support as the monetary value. 100% of all donations
(minus the hefty PayPal fees) will go directly to OpenSSL team members.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu
/Mastercard) merchant account, but the recurring fees for that
would eat up much of what is typically received in donations (and I
don't expect the current volume of donations to continue indefinitely).
I am looking into the suggestions for Bitcoin payments.
-Steve M.
--
Steve Marquess
OpenSSL
are obviously
suspect, others will need to be carefully vetted.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com
.
If there was enough money at stake then I would run not walk to said
attorney and accountants and pay them to create/convert an appropriate
non-profit legal entity. I don't see that making financial sense though,
even with the recent boost in donations.
-Steve M.
--
Steve Marquess
OpenSSL Software
professional services, I can tell you
that you don't just set up a corporation for $500-$750. Not a real
functioning entity with real clients and real revenues, insurance,
employees, subcontractors, etc.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD
, refactoring, documentation, the backlog of worthy patch
contributions, etc.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http
work we are doing for them.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
of necessary OpenSSL development and maintenance activities. I still
believe that to be the case, but am reminded by all of these donations
that the OpenSSL team members are not the only ones who feel a
responsibility for electronic security and privacy around the world.
-Steve M.
--
Steve
the issue of perceptions does matter, we
don't need that distraction, 2) U.S. export controls make it challenging
for U.S. citizens to work on cryptography (BTDT myself), 3) it gives me
a handy excuse to avoid admitting that I'm not smart enough to work on
the code.
-Steve M.
--
Steve Marquess
them manually or throwing together something automagical.
So apologies again for my negligence in keeping up with those. I'll get
there eventually. I hope.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874
as well as Paessler AG.
Total donations for April are about US$23,000; more than all previous
donations combined.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
-direct-to-the-openssl-project
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
file of that logo too, but not the skill to use it.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs
duplicating effort.
I will make a note though just in case those first two don't work out
for any reason.
Thanks,
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
asked
for volunteers willing to bask in the warm glow of accomplishment and
gratitude in lieu of any tangible remuneration.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu
consider a new logo for OpenSSL that's a bit more
modern and representative of what you guys do.
Any bonus points for doing it all in GIMP or Inkscape?
Yes, extra bonus points for open source tools :-)
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
the prospective user of our first OpenSSL Sponsor logo
and they chose this one:
http://opensslfoundation.com/testing/data/openssl-platinum-sponsor-logo.jpg
from JAaron Anderson.
Thanks to everyone who sent a logo. I was thrilled to have so many choices.
-Steve M.
--
Steve Marquess
OpenSSL Software
The OpenSSL project recently received a donation of US$500 from Nick
Shapley on behalf of Pen Test Partners (http://www.pentestpartners.com/).
Thank you Nick and Pen Test Partners!
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1
cautiously optimistic that we'll be able
to announce something in about a week.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key
The OpenSSL Software Foundation.
Thank you Globalsign.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs
and
maintained. This donation is some pretty significant support :-)
Thank you Smartisan Technology, and Mr. Yonghao Luo.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu
of many years should not go
unnoticed and unrecognised. Please accept our thanks as you have saved
us a lot of time and money.
A platinum sponsorship is a truly excellent way to say thanks :-)
Thank you Huawei!
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
On 05/28/2014 05:18 PM, Frans de Boer wrote:
On 05/28/2014 10:05 PM, Steve Marquess wrote:
Please accept our thanks as you have saved
us a lot of time and money
Yes, quite an understatement :\
Now a state sponsored company is sponsoring openssl.org? The bigger the
country, the higher
and revitalize OpenSSL. I hope
we'll have some detailed plans to share publicly in a week or two.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg
On 05/29/2014 11:39 AM, Steve Marquess wrote:
I am very pleased to announce that the Linux Foundation Core
Infrastructure Initiative (CII),
http://www.linuxfoundation.org/programs/core-infrastructure-initiative,
has extended full time fellowships to Stephen Henson and Andy
Polykov ...
Oops
funding of this sort is especially useful as it allows for
long range planning. In the aggregate such sustainable funding will
allow us to embark on major long term objectives.
Thank you Milton Security Group and Jim McMurry!
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount
of coherence.
In the meantime we greatly appreciate the patience and support shown by
so many of you in the OpenSSL community.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu
^11+2^8 dollars ($2,304).
Thank you Victor and VT Enterprise!
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http
I am pleased to announce the addition of Emilia Kasper to the OpenSSL
team (see https://www.openssl.org/about/).
This brings us up to twelve active team members and adds some strong
cryptographic skills.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
I am pleased to announce the addition of Rich Salz and Kurt Roeckx to
the OpenSSL team (see
https://www.openssl.org/about/).
They both bring a long record of past contributions.
This brings the count up to fourteen.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount
to retroactively remove Dual EC DRBG from that as well. If
that approval is not given we'll be in the odd position of
re-introducing Dual EC DRBG with revision 2.0.7 when that is eventually
approved.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD
to this point, but
that's not for lack of vigorous activity on the part of the team. We're
keenly aware that we have a long haul ahead of us and wanted to be sure
we started off in the right direction with the right objectives.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount
weeks poll. The most voted project is awarded a
donation (https://airvpn.org/topic/10122-guidelines). The OpenSSL
project was the top contender for all the proposed May projects with a
poll held in June.
Thank you AirVPN, and AirVPN community!
-Steve M.
--
Steve Marquess
OpenSSL Software
management folks make the call.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
)
is no longer usable as-is for copycat validations.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs
securely). A new validation will be necessary. You will find such a
validation a significant challenge even without the source code mods you
contemplate.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874
of
that document. That error has been reported and should be corrected in a
few days.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com
(this is available in patches from Roumen Petrov).
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs
done at once). Anything running Linux
*probably* qualifies as uncomplicated.
If you can afford to wait long enough there is always the chance that
someone else will sponsor the specific platform that you want.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
upgrade to OpenSSL 1.0.1 and the 2.0 FIPS
module, the most current revision of which is 2.0.7. The *combination*
of that FIPS module and OpenSSL, the FIPS capable OpenSSL, will
support TLS 1.2 and (if properly built) contain a FIPS 140-2 validated
cryptographic module.
-Steve M.
--
Steve Marquess
On 09/01/2014 06:55 AM, Gayathri Manoj wrote:
Hi All,
Please let me know how can I see the FIPS certificate for
openssl-fips-1.2.4.
Thanks,
Gayathri
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1051
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc
unless you feel removal of Dual EC DRBG warrants such an upgrade.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http
in particular.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
similar change letter approvals take
as little as a few weeks (though that was years ago) and as long as six
months.
My best guest is perhaps three months (taking into account the slowdown
over the upcoming holiday season), so I hope to see 2.0.9 out sometime
in mid February.
-Steve M.
--
Steve
problem. I have discussed that issue in a personal blog
entry:
http://veridicalsystems.com/blog/immutability-of-fips/
for those who care to stare into that abyss.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s
.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
We've been experiencing some issues with the system that handles
@openssl.org E-mail and the mailing lists. The hardware vendor will be
swapping the system board Tuesday Dec. 23 beginning at 1200UTC. The
outage is expected to take approximately two hours.
-Steve M.
--
Steve Marquess
OpenSSL
.
Thank you Smartisan Technology, and CEO Mr. Yonghao Luo. I hope that in
roughly a year from now with the release of OpenSSL 1.1 you will be
pleased with what we have accomplished.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673
of that module would not have been possible.
Thank you Oracle!
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation Inc.
20-22 Wenlock Road
London N1 7GU
United Kingdom
+44 1785508015
+1 301 874 2571 direct
marqu...@opensslfoundation.org
ste...@openssl.org
have worse
problems than a non-functioning FIPS module.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com
to pay and wait for your
own custom validation of the modified code).
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http
On 01/26/2015 06:21 PM, jone...@teksavvy.com wrote:
On Fri, 16 Jan 2015 10:16:48 -0500
Steve Marquess marqu...@openssl.com wrote:
On 01/15/2015 05:52 AM, Marcus Meissner wrote:
On Linux usually triggered by /proc/sys/crypto/fips_enabled
containing 1 or the environment variable
it easier for vendors like you to
pursue private proprietary validations would be of interest to a far
smaller subset. We have enough demands on our limited resources as it is
to expend them on such a limited constituency.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount
certification?
(Is this written up anywhere?)
The OpenSSL FIPS Object Module v2.0, validation certificate #1747,
remains available for use with (to date) 102 formally tested platforms:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747
-Steve M.
--
Steve Marquess
OpenSSL
On 01/26/2015 06:21 PM, jone...@teksavvy.com wrote:
On Fri, 16 Jan 2015 10:16:48 -0500
Steve Marquess marqu...@openssl.com wrote:
On 01/15/2015 05:52 AM, Marcus Meissner wrote:
On Linux usually triggered by /proc/sys/crypto/fips_enabled
containing 1 or the environment variable
On 01/27/2015 11:09 AM, jonetsu wrote:
Steve Marquess marqu...@openssl.comwrote on 01/27/15 09:18: Thank
you (and Tom) for your comments - much appreciated.
Tom Francis nailed the answer to this one. We did design the FIPS
module + FIPS capable OpenSSL combination to make it possible
it easier for vendors like you to
pursue private proprietary validations would be of interest to a far
smaller subset. We have enough demands on our limited resources as it is
to expend them on such a limited constituency.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount
preferable to use the latest revision as that will be valid for all
tested platforms.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp
with declarations and
import duties for computer gear; I have no idea what's involved with
recuperative beverages.
But I volunteer to drink it and tell my colleagues how good it was :-)
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877
://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf
which is worth referencing for any does the OpenSSL FIPS Object Module
have X questions.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571
paperwork will require some careful attention to the multiple
validations which will overlap the same module (the downside). Confusion
is inevitable, feel free to post questions to this list.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
___
openssl
standards and also from the OpenSSL FIPS
Object Module).
Now the code for the OpenSSL FIPS module can no longer be used as-is for
new private label or copycat validations, but that's for different
reasons and not because of the DRBGs.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc
.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
. - thanks.
I wasn't aware the Linux kernel (the real one, not proprietary
commercial derivatives) had a FIPS mode. Please enlighten me.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu
.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
On 03/27/2015 04:45 AM, Henrik Grindal Bakken wrote:
Steve Marquess marqu...@openssl.com
writes:
If the CMVP bureaucracy insists on a specific kernel version
for the platform number, this should be one of the Long Term
Support kernel releases to maximize longevity (assuming that
regular OS
the platform validation costs.
The hard part has always been funding the initial new validation.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
;DR crowd.
Make it clearer may not be enough as I've already attempted and failed
at that. Specific suggested edits perhaps?
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu
as documented.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
On 02/24/2015 10:26 PM, Tom Francis wrote:
...
Steve Marquess: Is the document (which IIRC, you published back
before the first validation) on how/why the FIPS Object Module was
coded still available somewhere? If so, that’d probably be a good
starting point for people who post questions
up.
Feel free to contact me directly for specific suggestions or to
coordinate with other stakeholders.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu
, and anomalies...
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
unfortunately. At the moment any spare
time I have available for FIPS issues is spent addressing yet another
existential threat to the open source based validations.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
On 03/26/2015 01:41 PM, Jakob Bohm wrote:
On 26/03/2015 16:56, Steve Marquess wrote:
On 03/26/2015 11:30 AM, John Foley wrote:
We looked at this very briefly a couple of years ago. In theory, there
may be a way to achieve the goal as a loadable kernel module (a.k.a.
device driver). The idea
On 03/24/2015 01:27 PM, jonetsu wrote:
From: Steve Marquess marqu...@openssl.com Date: 03/24/15 12:38
No, the OpenSSL FIPS module 2.0 code is no longer suitable (as of
early 2014) for use as-is in doing copycat validations. Some
non-trivial code hacks will be necessary.
We'll do
On 03/25/2015 06:26 PM, jone...@teksavvy.com wrote:
On Wed, 25 Mar 2015 17:03:04 -0400
Steve Marquess marqu...@openssl.com wrote:
I wasn't aware the Linux kernel (the real one, not proprietary
commercial derivatives) had a FIPS mode. Please enlighten me.
It could very well
awkward fit in the Linux
ecosystem. We'd still consider tackling that, with financial
sponsorship, but we have no prospects for such.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu
there, most of
those operating systems are neither CC certified nor have any other FIPS
140-2 validated crypto. Keep in mind that at Level 1 the validation
applies to the cryptographic module, not the calling application that
uses that module nor the operating system that runs it.
-Steve M.
--
Steve
I'm only discussing Level 1 validations here; Levels 2 and up are
different.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key
.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
On 04/14/2015 09:42 AM, jonetsu wrote:
From: Steve Marquess marqu...@openssl.com Date: 04/14/15 09:31
and note that of the 101 platforms (OEs) appearing there, most
of those operating systems are neither CC certified nor have any
other FIPS 140-2 validated crypto. Keep in mind
/review the existing code. The code itself is open source, so
as Obi-Wan said, use the source, Luke.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu
on Linux-aarch64?
When we have a sponsor to cover the non-trivial costs of a platform
validation.
We're working on some iOS and Android ARMv8 platforms, but have nothing
planned for Linux on ARMv8.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown
.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
are a such a stakeholder and would like to participate in those
discussions please let me know (contact info below) and I'll make the
appropriate introductions.
-Steve M.
[*] see http://openssl.com/fips/aftermath.html
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
expect to receive permission from at least some of the
directly impacted platform sponsors to supply information for revised
platform descriptions. Once those are up, then you can panic.
New developments will be noted in this new web page.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation
of the challenge of
completing any validation action with any kind of predictable budget or
schedule. The imposition of retroactive changes on previously approved
validations is a disturbing new development.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
the latter. Instead they were forced to choose
between preserving their platforms and adding new platforms, which led
us down the ransom path and months of delay...
-Steve M.
[*] See http://openssl.com/fips/hostage.html,
http://openssl.com/fips/ransom.html
--
Steve Marquess
OpenSSL Software
that the OpenSSL FIPS module already has a Level 1 validation can help.
But, FIPS 140-2 is a tricky business so you should consult with your
accredited FIPS 140-2 test lab for advice specific to your unique
circumstances.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
://openssl.com/fips/hostage.html
[***] http://openssl.com/fips/aftermath.html
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http
201 - 300 of 416 matches
Mail list logo