On 3/30/2010 10:58 AM, Gatewood (Woody) Green wrote: > > I assume the 2010 limit on new validations is the impending finalization > of 140-3.
What you are thinking of won't be designated 140-3, it's not sequential, there is such a FIPS level already. Probably FIPS-{new}-2 or FIPS-140-2 2010 or something like that. FIPS 140-3 implies a level of physical validation that an open source project isn't able to consider validating to. If you were to bundle OpenSSL-FIPS into a sealed card, and add the appropriate cert/key mgmt, then you could consider applying for FIPS 140-3 validation for such a physical device. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org