> The other option is for CliniComp to sponsor getting OpenSSH/OpenSSL 
> through the certification process, and that's what I'm exploring.

If you look through the complete list, you'll see there's a vendor who had 
an openssl software solution certified, but that it's not commercially 
available.

I assume you got a cost estimate.

I'm fairly sure that if you paid for the certification, you could get 
various openssl-core team members to address any issues raised, *if* they 
can be fixed.  (For example, if they say "must use h/w RNG" then the 
openssl-core team can't do this.)

I'm also sure they'd roll back into the product any other changes that had 
to be made.

The only issue, however, is that what gets certified is *that one 
version.*  If you upgrade the software you need to re-certify.

Still and all, having a certified base-point -- ideally a branch on the 
CVS tree -- would be a very good thing to have.
        /r$

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
