One of the main reasons for FIPS is to make writing (US Federal) government "requests for proposals" easier. Without dwelling on that, the FIPS is mostly a procurement-thing, not a technical thing. (Look at the relationship of GOSIP with OSI, the FIPS version of POSIX...) FIPS is mostly important when you are bidding for contract work.
(Sorry for the breakout of bureaucracy-talk. I'll go back to lurking now.) At 10:28 AM -0400 7/25/02, Ed Moyle wrote: >I think the original purpose was to weed out the snake oil. Fair enough ... >products get ignored and a lot of so-so products make it in, but I don't >think that providing confidence as to the security of a product is really >the purpose of FIPS140. I don't trust the security of a product any more -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-703-227-9854 ARIN Research Engineer ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
