On 12/21/2011 06:26 AM, Adriano Godinho wrote:
> Hi all,
>
> I was looking for OpenSSL fips 2.0 validation status on NIST list
> (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf),
> but I could only find an entry called "Transapps" related to OpenSSL
> Foundation. Is this transapps another way to refer to OpenSSL fips
> module? If not, is it possible to share with us the actual
> certification status?

The official name of the 2.0 module is the "OpenSSL FIPS Object Module
2.0", and that name does not currently appear on the CMVP "Modules in
Process" list. Transapps is a loosely related initiative not targeted
for general use.

> I noticed, by reading openssl fips validation status page, that the
> module is already completed and the validation process is ongoing.
> But can you say on which certification phase the module is
> (http://csrc.nist.gov/groups/STM/cmvp/inprocess.html)?

We are still in "Implementation Under Test" (IUT) status, which is one
of the two stages that persist for a significant time (the other being
Review Pending; the remaining stages typically transpire in a matter of
days). We move from IUT to Review Pending when the formal test lab
report is submitted to the CMVP. We expect that to happen soon -- this
year.

Note we're a good three months behind the schedule we had in mind when
we began this effort in January. These open source validations occur
infrequently enough that the temptation for scope creep -- knowing
another opportunity may not come along for years -- is overwhelming.
That's the main reason for the schedule slip.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
[email protected]
