Steve, 

Thanks for the reply. It's the answer I was hoping to receive.
No problem on the rant. I can appreciate the point of view. 

David


-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Steve Marquess
Sent: Thursday, July 15, 2010 6:18 AM
To: openssl-users@openssl.org
Subject: Re: openssl FIPS 140-2 certificate after 2010

David Stafford wrote:
> What are the issues, if any, with using the "FIPS module" after the
> end of 2010 ?
> Does the certificate number 1051 become invalid ?
>   

My best guess at this point is that the OpenSSL FIPS Object Module v1.2 
(aka the #1051 validation) proper remains usable, as that exact and 
specific module.  However, "private label" validations of that same 
source code become much more difficult, i.e. that code base will no 
longer be directly suitable for the rubber stamp validations so many 
commercial vendors have done under their own names.

<rant>
I find it sad and ironic that many vendors are willing to fund private 
revalidations of the same code, over and over again, yet no one is 
willing to support the open source validations that make those possible 
in the first place.  The total amount invested that way across the 
industry (and hence indirectly paid for by taxpayers, as FIPS validated 
products are of primary interest to the government market) dwarfs the 
cost of a single open source based validation that everyone could use.
</rant>

We (the OSF) are part of the problem too, we do private label 
validations for pay (shameless plug: very cost effectively as we'd had a 
lot of practice).  Such work doesn't improve the publicly available 
OpenSSL product but it does help pay the rent.  We'd much rather work on 
the open source software, however.

-Steve M.

-- 
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org