On Oct 13, 2013, at 1:04 PM, Ray Dillinger wrote:
This is despite meeting (for some inscrutable definition of meeting)
FIPS 140-2 Level 2 and Common Criteria standards. These standards
require steps that were clearly not done here. Yet, validation
certificates were issued.
This is a
Saw this on Arstechnica today and thought I'd pass along the link.
http://arstechnica.com/security/2013/09/fatal-crypto-flaw-in-some-government-certified-smartcards-makes-forgery-a-snap/2/
More detailed version of the story available at:
https://factorable.net/paper.html
Short version:
Dear Ray,
On 2013-10-11, at 19:38 , Ray Dillinger b...@sonic.net wrote:
This is despite meeting (for some inscrutable definition of meeting)
FIPS 140-2 Level 2 and Common Criteria standards. These standards
require steps that were clearly not done here. Yet, validation
certificates were