On 03/06/2012 09:55 AM, Technical Support wrote: > Steve > > Thats where the entire fips validation really breaks down. Complete end > user confusion on what machine, operating system and processer type can > and cannot be used. It must be a real deployment stumbling block for > large organizations.
Strictly speaking that is an issue with all FIPS 140-2 validations of software modules for general purpose computers. Take a look at any such validation (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) and note how many platforms are included in the validation. Not that many, in general. The OpenSSL FIPS Object Module 2.0 will start out with more than the usual number of platforms, roughly four dozen, but that's still less than the spectrum of devices the software could be deployed on. In practice both the vendor and user communities seem to take a fairly casual approach. Inquire about purchasing the WhizBang(tm) product from SnakeOil Enterprises and I'll bet they neglect to caution you (for instance) that the validation won't apply to your Core i5 system because AES-NI wasn't included in the validation :-) -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct [email protected] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
