> Much of the mystery and inconsistency of cryptographic module validation
> would be obviated if the results of validations were more fully disclosed. At
> present details about validations are treated as state secrets, with the
> singular exception of our open source based validations.
Sadly true. I think because, often, there's less there than meets the eye.
One of the most important things OpenSSL FIPS does is bring some much-needed
sunlight into this arena.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
