On 3/30/2010 10:58 AM, Gatewood (Woody) Green wrote:
>
> I assume the 2010 limit on new validations is the impending finalization
> of 140-3.
What you are thinking of won't be designated 140-3, it's not sequential,
there is such a FIPS level already. Probably FIPS-{new}-2 or FIPS-140-2 2010
or something like that.
FIPS 140-3 implies a level of physical validation that an open source project
isn't able to consider validating to. If you were to bundle OpenSSL-FIPS into
a sealed card, and add the appropriate cert/key mgmt, then you could consider
applying for FIPS 140-3 validation for such a physical device.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
