[14183] in cryptography@c2.net mail archive

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

daemon@ATHENA.MIT.EDU (Thor Lancelot Simon)
Mon Sep 15 13:34:55 2003

X-Original-To: cryptography@metzdowd.com
Date: Mon, 15 Sep 2003 13:25:02 -0400
From: Thor Lancelot Simon <tls@rek.tjls.com>
To: cryptography@metzdowd.com
Reply-To: tls@rek.tjls.com
In-Reply-To: <20030915125755.G29677@weidai.com>

On Mon, Sep 15, 2003 at 12:57:55PM -0400, Wei Dai wrote:
> 
> I think I may have found such a written guidance myself. It's guidance 
> G.5, dated 8/6/2003, in the latest "Implementation Guidance for FIPS 
> 140-2" on NIST's web site: 
> http://csrc.nist.gov/cryptval/140-1/FIPS1402IG.pdf. This section seems 
> especially relevant:
> 
> For level 1 Operational Environment, the software cryptographic module 
> will remain compliant with the FIPS 140-2 validation when operating on 
> any general purpose computer (GPC) provided that: 
> 
> a. the GPC uses the specified single user operating system/mode 
> specified on the validation certificate, or another compatible single 
> user operating system, and 
> 
> b. the source code of the software cryptographic module does not 
> require modification prior to recompilation to allow porting to another 
> compatible single user operating system.
> (end quote)
> 
> The key word here must be "recompilation". The language in an earlier 

Unfortunately, another key set of words is "single user".  This would seem
to significantly limit the value of a software-only certification...


---------------------------------------------------------------------
The Cryptography Mailing List