Jason Schultz wrote:
> One point of confusion for me, I read this email to say the OpenSSL FIPS Object Module v1.2 will (may?) not be usable beyond 2010. But in the first discussion link, I read that to say that the v1.2 Module will not be suitable for "private label" validations (which require changes to FIPS module code and/or build process).
A "private label" validation is one which takes the v1.2 source code and validates it under a different label with little or no source code changes (yes, some private label validations use the source code exactly as-is).
It appears to be pretty certain that those private label validations will no longer be possible after 2010, because the reference v1.2 source code won't meet some of the new requirements.
> Is it accurate to say that using the FIPS module as described in the 2nd bullet here: http://openssl.org/docs/fips/fipsnotes.html, with no changes and building as described on your platform, that it can be used as a validated cryptographic module beyond 2010?
The tradition for validated modules has generally been that once validated a module remains validated indefinitely. However, the wording of some of the CMVP transition documentation implies that may not be the case post-2010. I've heard that these transitional requirements, which are still officially in draft form, are generating some significant unfavorable feedback from industry. Changes or clarification are possible. So at this point I really don't know what the validity of certificate #1051 will be after 2010.
-Steve M.

--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
