Re: FIPS 140-2 Certification

Erez Pasternak wrote: Hi Does anyone here knows 1) Which versions of Open SSL are FIPS 140-2 certified on Linux? Which versions of Linux? 2) Which versions of Open SSL are FIPS 140-2 certified on Windows? Which versions of Windows? Thanks Erez Pasternak There is currently only o

FIPS 140-2 Certification

Hi Does anyone here knows 1) Which versions of Open SSL are FIPS 140-2 certified on Linux? Which versions of Linux? 2) Which versions of Open SSL are FIPS 140-2 certified on Windows? Which versions of Windows? Thanks Erez Pasternak

RE: FIPS 140-2 certification

As I say before.. Don't know about OpenSSL group, but I believe the slogan for the OpenSSH group is. "Show me the patch." Perferable one patch per logical fix/patch. So it is easier for us to decide which ones we like or don't like. No one has said.. "F*ck off" =) Just me ask

RE: FIPS 140-2 certification

> I'm surprised that you are using IRIX. I would not have thought IRIX > would have gotten FIPS rating. AIX or Solaris Trusted would not have > surprised me. Guess I'll have to have a chat with a buddy > over there. =) See http://niap.nist.gov/cc-scheme/CCEVS-CC-VID401-SGI_IRIX.html for deta

Re: FIPS 140-2 certification

On Mon, Sep 30, 2002 at 10:01:35AM -0500, Ben Lindstrom wrote: > As I say before.. Don't know about OpenSSL group, but I believe the slogan > for the OpenSSH group is. > > "Show me the patch." > > Perferable one patch per logical fix/patch. So it is easier for us to > decide which

RE: FIPS 140-2 certification

tware only) certification testing is about $50,000. Chris Brook -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ben Laurie Sent: Saturday, September 28, 2002 7:33 AM To: [EMAIL PROTECTED] Subject: Re: FIPS 140-2 certification Nathan Bardsley wrote: > Hello everyon

Re: FIPS 140-2 certification

On Fri, Sep 27, 2002 at 07:10:18PM -0500, Ben Lindstrom wrote: > FIPS 140 is linked to C2 security from the looks of it. And from my > skimming it looks like OpenSSL would need to get NIST approval for their > general crypto, their digital signatures, and more than likely thier MAC > code. FIP

Re: FIPS 140-2 certification

On Fri, 27 Sep 2002, Nathan Bardsley wrote: > Ben Lindstrom wrote: > > Where are theses 'DIPS 140-2' requirements? If they are anything like the > > other military requirements they are impratical and insane (yes I've had > > some time in the area. Not my idea of fun =). > > This:

Re: FIPS 140-2 certification

Nathan Bardsley wrote: > Hello everyone! > > I work for a company that uses OpenSSH/OpenSSL to remotely support > systems we've sold. Since some of our clients are US Dept. of Defense > hospitals, our access to these servers needs to comply with a whole > range of requirements and standards.

Re: FIPS 140-2 certification

> The other option is for CliniComp to sponser getting OpenSSH/OpenSSL > through the certification process, and that's what I'm exploring. If you look through the complete list, you'll see there's a vendor who had an openssl software solution certified, but that it's not commercially available

Re: FIPS 140-2 certification

Ben Lindstrom wrote: > Where are theses 'DIPS 140-2' requirements? If they are anything like the > other military requirements they are impratical and insane (yes I've had > some time in the area. Not my idea of fun =). This: is the URL at NIST, I'm just gettin

FIPS 140-2 certification

Hello everyone! I work for a company that uses OpenSSH/OpenSSL to remotely support systems we've sold. Since some of our clients are US Dept. of Defense hospitals, our access to these servers needs to comply with a whole range of requirements and standards. At this point it's looking like t