I would like to get a clarification. The OpenSSL Security Policy version 1.2 states the followings.
"Only one role may be active at a time and the Module does not allow concurrent operators." Do you mean the Module does not have any prevention for conncurrent operators and it depends on the user to follow i.e. enforce no concurrent operators elsewhere? Thank you, -Pandit ________________________________ From: Kyle Hamilton <aerow...@gmail.com> To: openssl-users@openssl.org Sent: Wednesday, August 19, 2009 1:41:53 PM Subject: Re: Prevent concurrent operator in FIPS mode The API does not prevent concurrent operators. The guidance from the CMVP is that an application (even if operated by a webserver on behalf of someone else) is an operator for purposes of determining compliance with that restriction. Of course, the CMVP seems to want to reduce the functionality of systems that use validated crypto to zero, as well, so I dunno where the balance lies. Neither does Steve M, and he's pretty much openssl's most visible diplomat to the Priesthood of the CMVP. -Kyle H On Wed, Aug 19, 2009 at 9:27 AM, Pandit Panburana<ppanb...@yahoo.com> wrote: > Hello, > The security policy of states that the module does not allow concurrent > operators. How does API prevent concurrent operator? > Thank you, > -Pandit > ________________________________ > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
