On Fri, Jan 23, 2009, Young, Alistair wrote: > ... though I notice that the Security Policy document does not > explicitly mention ECDSA in the table of FIPS approved algorithms. > > It does mention DSA with 1024-bit keys (but has a confusing footnote > which states that "DSA supports a key size of less than 1024 bits except > when not in FIPS mode" - is there an extra 'not' in this statement?), > but that perhaps doesn't cover ECDSA. >
That is correct, ECDSA is not an approved algorithm in FIPS mode. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org