On Sat, Sep 06, 2003 at 07:33:55PM +0100, Ben Laurie wrote: > Prepare to be very surprised, then.
Do you have *written* guidance from NIST/CSE that your approach is ok? (Not the testing lab, what they say don't really count in the end, and neither does what NIST/CSE say verbally.) If so can you please post that written guidance? > This is all good fun, coz I'm mandating static libraries for OpenSSL, so > that the evidential chain can be maintained (its hard to find a DSO in a > cross-platform manner so you can checksum it). If NIST/CSE is really allowing OpenSSL source code and static libraries to be validated, I should go back to them and demand the same treatment for Crypto++. Who have you been working with on the government's side? --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
