On 01/26/2012 09:03 AM, [email protected] wrote: > > First, I saw the early update from Jan 3 that the formal submission was > made and that the expected award date is roughly 2 months from there. > Is late Feb or early March still the expected target, or have issues > come up since that would cause more delay?
Yes, that's still the estimated date ... with the caveat that such estimates can never be certain. I've never personally had a validation review completed in such a short period (two months), but we're getting consistent feedback from several test labs that the current turnaround time is indeed that short. > Second, and more importantly to me than the release date -- is the new > 2.0 validation done on the source code or on the module? The original > validation was done in source code form, and thus the validation status > was maintained on other software/hardware combinations so long as one > was able to compile a set of bitwise-identical source code using the > same compilation/build procedures. I assume this cross-compile > capability and portable validation aspect will be maintained in the 2.0 > validation -- but I feel like I should ask since it was such an > extensive redesign. Well, technically speaking source code itself has never been FIPS 140-2 validated. From the perspective of the CMVP the resulting binary code is the validated module and the process of building from source is "installation" of the module. That's why I try to always use the term "open source *based* validation". The end result is the same, though -- with this validation as for the previous OpenSSL FIPS Object Module validations, if you strictly follow the installation (build) instructions in the Security Policy from unmodified source on a formally tested platform, or one "near enough" to a formally tested platform, then the resulting module is validated. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct [email protected] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
