[openssl-commits] [web] master update

Steve Marquess Wed, 22 Jul 2015 05:57:44 -0700

The branch master has been updated
       via  ecd59b75a820b416eb5fcf8a0b06e4eb1aea01e6 (commit)
      from  10c638d6934c96d52236740fb4f0be12f9a68482 (commit)



- Log -----------------------------------------------------------------
commit ecd59b75a820b416eb5fcf8a0b06e4eb1aea01e6
Author: Steve Marquess <[email protected]>
Date:   Wed Jul 22 08:55:17 2015 -0400

    Update references to private label validations

-----------------------------------------------------------------------

Summary of changes:
 docs/fips/fipsnotes.wml    | 26 +++++++++-----------------
 docs/fips/privatelabel.wml | 13 ++++++++-----
 2 files changed, 17 insertions(+), 22 deletions(-)

diff --git a/docs/fips/fipsnotes.wml b/docs/fips/fipsnotes.wml
index 21df9c8..5ce62c8 100644
--- a/docs/fips/fipsnotes.wml
+++ b/docs/fips/fipsnotes.wml
@@ -53,22 +53,16 @@ The OSF would really prefer to work on open source based 
validations of benefit
 to the OpenSSL user community at large, but financial support for that 
objective
 is intermittent at best.  On the other hand many vendors are interested in 
private label
 validations and the OSF will assist in such efforts on a paid basis.  We've 
done enough
-of these to be very cost competitive, and for uncomplicated validations we 
will work
-on a fixed price basis.  A routine private label validation on a single 
commodity
-platform can cost as little as
-<a href="privatelabel.html">US$35,000</a>.
-Contact the <a href="../../support/funding/support-contact.html">OSF</a> for 
more information.
+of these to be very cost competitive, and for uncomplicated validations we 
typically work
+on a fixed price basis.
+
 <p>
-<font color="#cc3333">Update:</font> In collaboration with an accredited CMVP 
testing laboratory we were through
-December 2012 offering a
-cost effective turnkey <a href="privatelabel.html">validation package</a> for 
routine private label validations.
-However, due to some changes in
-<a href="http://www.opensslfoundation.com/fips/ig95.html";>CMVP 
requirements</a> 
-introduced in 2013 the current OpenSSL FIPS Object Module
-code base can no longer be readily be validated. We are still adding new
+<font color="#cc3333">Update:</font> As of 2015 we are no longer performing
+<a href="privatelabel.html">private label</a> validations.
+We are still adding new
 platforms to the 
  <a 
href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747";>#1747</a>
-validation.
+or related validations.
 
 <h2>Current Validations</h2>
 
@@ -84,10 +78,8 @@ And did we mention the <a href="UserGuide.pdf">User 
Guide</a>?
 <a name="transition">
 <font color="#cc3333">Important Note:</font>
 </a>
-Due to changes in the FIPS 140-2 validation requirements the current v1.2 
Module is 
-no longer be a suitable model for private label validations in its current 
form past the year 2010.  See the NIST <a 
href="http://csrc.nist.gov/groups/STM/cmvp/notices.html";>Notices</a>,
-<a 
href="http://csrc.nist.gov/groups/ST/key_mgmt/documents/Transitioning_CryptoAlgos_070209.pdf";>discussion
 paper</a> and
-<a 
href="http://csrc.nist.gov/publications/drafts/800-131/draft-sp800-131_spd-june2010.pdf";>SP
 800-131</a>.
+Due to changes in the FIPS 140-2 validation requirements the current v2.0 
Module is 
+no longer a suitable model for private label validations in its current form 
past the year 2014.
 <p>
 
 <h2>Upcoming Validations</h2>
diff --git a/docs/fips/privatelabel.wml b/docs/fips/privatelabel.wml
index 9d8a9b9..fa32d81 100644
--- a/docs/fips/privatelabel.wml
+++ b/docs/fips/privatelabel.wml
@@ -8,11 +8,14 @@
 If you haven't already, please read our <a href="fipsnotes.html">FIPS 140-2 
Notes</a> page.
 
 <p>
-<font color="#cc3333">IMPORTANT NOTE:&nbsp;</font>The recent addition of
-<a href="http://opensslfoundation.com/fips/ig95.html";>new formal 
requirements</a> has potentially
-complicated new private label validations, but as of August 2013 it appears 
such validations
-are again feasible. We'll be more certain of this once we've actually obtained 
a validation under
-the new rules.
+<font color="#cc3333">IMPORTANT NOTE:&nbsp;</font>The addition of
+multiple new formal requirements since the #1747 validation was first approved 
in 2012, and
+recent unfavorable experiences with increasingly unpredictable outcomes from 
the validation process, have increased
+to the point where private label validations are no longer economically 
feasible for a small
+organization of limited means; the risk doesn't justify the substantial 
investment of time and money required
+to pursue new validations. As of 2015 we are no longer performing any private 
label validations.
+<p>
+The rest of this page is of historical interest only.
 
 <h2>What It Is</h2>
 
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

Reply via email to