Thanks Steve. I will look out for the update on the CMVP webpage.
-Ashit
On Fri, Mar 9, 2012 at 1:12 PM, Steve Marquess <
marqu...@opensslfoundation.com> wrote:
> On 03/09/2012 11:18 AM, Ashit Vora wrote:
> > Steve,
> >
> > Please see response from Randy (CMVP Director) below. It clearly
> > ind
On 03/09/2012 11:18 AM, Ashit Vora wrote:
> Steve,
>
> Please see response from Randy (CMVP Director) below. It clearly
> indicates older versions (including v1.2) are no longer considered
> validated since they are not listed on the website:
Randy is the man, so I stand corrected. A huge number
Steve,
Please see response from Randy (CMVP Director) below. It clearly indicates
older versions (including v1.2) are no longer considered validated since
they are not listed on the website:
*"Ashit,
You can always view the change history by downloading the CMVP Validation
DB from: http://csrc.n
On 03/08/2012 08:49 PM, Ashit Vora wrote:
> Steve,
>
> First let me clarify that it isn't my intent to challenge OpenSSL
> validation. In fact the reason I started down this path is because I
> have a product that uses v1.2 and needs to claim FIPS compliance. I
> cannot legitimately make that clai
n
> > 1.2.
>
> It is mentioned: "...The v1.2.3 Module can be used in any environment
> supported by the earlier v1.2 Module.". I can see where you may have
> been confused by that and the statement "Note that the OpenSSL FIPS
> Object Module v1.2.3 completely r
s the validated module. There is no mention
> 1.2.
It is mentioned: "...The v1.2.3 Module can be used in any environment
supported by the earlier v1.2 Module.". I can see where you may have
been confused by that and the statement "Note that the OpenSSL FIPS
Object Module v1.2.3 c
Regarding the certificate, it will never be updated. Whenever the CMVP
updates a listing because of a change letter process (IG G.5 scenario 1)
they only update the website listing. They never update the certificate.
The understanding is that the website listing supersedes the certificate.
Please s
On 03/08/2012 05:12 PM, Steve Marquess wrote:
> On 03/08/2012 04:05 PM, Ashit Vora wrote:
>> Thanks Steve. This makes sense (i.e. newer versions subsuming older
>> versions).
>>
>> However given that 1.2 is no longer listed on the NIST website, that
>> version can no longer be considered FIPS valid
On 03/08/2012 04:05 PM, Ashit Vora wrote:
> Thanks Steve. This makes sense (i.e. newer versions subsuming older
> versions).
>
> However given that 1.2 is no longer listed on the NIST website, that
> version can no longer be considered FIPS validated. This is an issue for
> deployed products that
On Thu, Mar 8, 2012 at 3:46 PM, Steve Marquess <
marqu...@opensslfoundation.com> wrote:
> On 03/08/2012 01:43 PM, Ashit Vora wrote:
> > Hello,
> >
> > I searched the archives but did not find the answer to this question.
> >
> > What is the reason OpenSSL FIPS
On 03/08/2012 01:43 PM, Ashit Vora wrote:
> Hello,
>
> I searched the archives but did not find the answer to this question.
>
> What is the reason OpenSSL FIPS Object Module v1.2 is no longer listed
> as FIPS validated? It seems only v1.2.3 is now listed:
That's because
Hello,
I searched the archives but did not find the answer to this question.
What is the reason OpenSSL FIPS Object Module v1.2 is no longer listed as
FIPS validated? It seems only v1.2.3 is now listed:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm#1051
Thanks in advance
I've received several requests for minor editorial changes to the draft
security policy for the v1.2 OpenSSL FIPS Object Module validation that
has been in process for a number of months now. Based on past
experience those requests mean that the validation is now undergoing
active review and t
Brendan Simon wrote:
Where can I find information about OpenSSL FIPS Object Module v1.2 ???
Where can this be downloaded from? CVS only? Or are there tarballs
somewhere?
CVS only, branch OpenSSL-fips-0_9_8-stable branch. I'm not releasing
the draft Security Policy yet because it has not
can I find information about OpenSSL FIPS Object Module v1.2 ???
Where can this be downloaded from? CVS only? Or are there tarballs
somewhere?
Where does FIPS related development/discussion take place? Just the
users mailing list?
Is there a spot on the website dedicat
Kyle Hamilton wrote:
> The FIPS validation process is... odd. And not at all conducive to the
> open-source development model.
>
There is a certain dissonance, for sure :-)
> There is no available OpenSSL FIPS Object Module v1.2.
Well, yes and no. Check out the OpenSSL-fips-
The FIPS validation process is... odd. And not at all conducive to the
open-source development model.
There is no available OpenSSL FIPS Object Module v1.2. Until it passes
validation, anyway, at which point the openssl-fips-1.2.0.tar.gz file will
be made available. I don't think the sour
Where can I find information about OpenSSL FIPS Object Module v1.2 ???
Where can this be downloaded from? CVS only? Or are there tarballs
somewhere?
Where does FIPS related development/discussion take place? Just the
users mailing list?
Is there a spot on the website dedicated to FIPS
18 matches
Mail list logo
