Actually, I also think you have to validate it on *every* platform as well. It could be validated for Sun, but that would not count for HP. This was explained by a company with a Java based security product. As Java is multi-platform by nature, the work and cost to certify was horrendous.
Jeff On Wed, 5 Dec 2001, Erwann ABALEA wrote: > This one should really go to OpenSSL-Users, not OpenSSL-Dev. > > On Tue, 4 Dec 2001, Tina Anderson wrote: > > > Has anyone investigated obtaining FIPS 140-1 validation for OpenSSL? > > > > FIPS 140-1 is a U.S. government standard for implementations of > > cryptographic modules. > > The validation process is time and money expensive. For an OpenSource > project, it's always difficult. Who will pay? And for which version? (if > you continue to develop the product, then it's no longer FIPS140-1 > validated). > > That could be a good idea, but I think OpenSSL isn't ready yet, apart from > the money issue... > > -- > Erwann ABALEA > [EMAIL PROTECTED] > RSA PGP Key ID: 0x2D0EABD5 > ----- > ``In theory, practice and theory are the same, but in practice they > are different.'' > Larry McVoy > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
