Kyle Hamilton wrote:
The FIPS certification process is a black box. Literally, it will be
complete when it will be complete, and we can't know until it goes
into final recommendation phase (which is usually the last step before
NIST grants the certification).
If I had to make a guess I'd say I'm hoping for late June or early July,
expecting something in August, resigned to September :-). We're a
little over a month into the "aging in an in-box" phase, and the
grapevine says the backlog is currently running 2-3 months. On the
other hand one uncomplicated validation I worked on recently took a full
year when the backlog was supposedly also only a few months; one never
knows.
As Kyle noted, usually the CMVP has a few questions or requirements when
the submission makes it out of the in-box and is actually under review,
at which point we know approval is probably only a few days or weeks
away, and at which point I'll make a heads-up announcement.
If it makes anyone feel any better, take it from me that there are other
government validation/certification processes that are slower, more
difficult, and more pointless than FIPS 140-2.
-Steve M.
--
Steve Marquess
Open Source Software institute
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]