Thanks Wei. I'll look into the meaning of the OEM certification a little more closely - I hadnt looked at it that way....If that is the case, it would be confusing.
On another note, the certificate for crypto++ lists the following for the operational environment:
Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional Operating System, Service Pack 1 (single user mode)
Is the crypto++ library FIPS 140-2 certified on only Win2K or does that apply to WinXP or other OS versions as well?
Thanks...
-----Original Message-----
From: Wei Dai [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 30, 2004 9:39 PM
To: [EMAIL PROTECTED]
Subject: Re: OEM FIPS Certification - Is it Allowed?
On Thu, Jan 29, 2004 at 10:32:12AM -0500, Chris Hofstaedter wrote:
> As I understand it, an enterprise that makes use of your FIPS certified DLL
> can pursue an "OEM Certification". This is an abbreviated form of
> certification that would actually extend to the product that uses the DLL in
> addition to the DLL itself. It would be abbreviated because they only
> examine the manner in which a previously certified libary is used rather
> than a complete certification of the algorithms as well.
I'm not familiar with OEM certification, but from the document you quoted,
it sounds like the cerficiation does not extend to the product that uses
the DLL. It just allows the same DLL to be listed under a different name
on NIST's web site. If my understanding is correct, I don't think this
would be a good idea -- it would just cause confusion to have two
different names for Crypto++.
The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, forwarding, or otherwise copying of this message is strictly prohibited. If you have received this communication in error, please notify Padcom immediately by e-mail at [EMAIL PROTECTED] and delete the original message. Although Padcom utilizes industry accepted methods to scan email and attachments for viruses, it does not guarantee that either is virus-free and accepts no liability for any damage sustained as a result of viruses. Padcom makes no representation or warranty (express or implied) as to the accuracy or completeness of any information provided in this e-mail message and expressly disclaims any and all liability that may be based on information contained therein.
