Wei Dai wrote:

> On Fri, Sep 05, 2003 at 04:15:22PM -0400, Anton Stiglic wrote:
>>You are correct, I just saw Crypto++ in the list of FIPS 140 validated 
>>It is the latest entry, added today.
>>Congratulations to Wei Dai!
> Thanks! Also thanks to Groove Networks (the company I work for) for 
> spending the money to do the validation.
>>OpenSSL`s *source code* being evaluated remains exiting.
> If OpenSSL source code gets validated, I'm going to be very surprised.

Prepare to be very surprised, then.

> NIST told us in no uncertain terms that only compiled executable code 
> could be validated. In fact they wouldn't even validate Crypto++ as a 
> static library despite an earlier verbal agreement that a static 
> library was ok. It had to be turned into a DLL at the last moment (i.e. 
> during the review phase).

This is all good fun, coz I'm mandating static libraries for OpenSSL, so
that the evidential chain can be maintained (its hard to find a DSO in a
cross-platform manner so you can checksum it).



http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to