Wei Dai wrote:
> On Fri, Sep 05, 2003 at 04:15:22PM -0400, Anton Stiglic wrote:
>
>>You are correct, I just saw Crypto++ in the list of FIPS 140 validated
>>modules:
>>http://csrc.nist.gov/cryptval/140-1/140val-all.htm
>>It is the latest entry, added today.
>>Congratulations to Wei Dai!
>
> Thanks! Also thanks to Groove Networks (the company I work for) for
> spending the money to do the validation.
>
>>OpenSSL's *source code* being evaluated remains exciting.
>
> If OpenSSL source code gets validated, I'm going to be very surprised.

Prepare to be very surprised, then.

> NIST told us in no uncertain terms that only compiled executable code
> could be validated. In fact they wouldn't even validate Crypto++ as a
> static library despite an earlier verbal agreement that a static
> library was ok. It had to be turned into a DLL at the last moment (i.e.
> during the review phase).

This is all good fun, coz I'm mandating static libraries for OpenSSL, so that the evidential chain can be maintained (it's hard to find a DSO in a cross-platform manner so you can checksum it).

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html
http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff