Sent: Thursday, November 15, 2012 10:17 AM
To: openssl-users@openssl.org
Subject: RE: OpenSSL/FIPS Object Module and FIPS compliance - testing some
assertions
The term 'FIPS compliant' does not refer to the software capability, but to the
implementation used to perform the cryptographic
The term 'FIPS compliant' does not refer to the software capability, but to the
implementation used to perform the cryptographic operations. If only one end
of your connection is in FIPS mode then the full end to end path is not
necessarily FIPS compliant. In fact, without some out-of-band mec
On Tue, Nov 13, 2012 at 4:26 PM, mclellan, dave wrote:
> We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1)
> and I’d like to test out this set of assumptions (or maybe they are
> ‘assertions’)
>
> - In the context of OpenSSL, FIPS compliance is all about algorit
On 11/14/2012 04:21 PM, mclellan, dave wrote:
> Thanks for that clarification. It's not so cut and dry, I see.
>
> About this: "... and don't even bother to build fipscanister.o"... Then on
> what grounds could they claim FIPS compliance?
There is a common confusion between "FIPS compliant"
@openssl.org
> Subject: Re: OpenSSL/FIPS Object Module and FIPS compliance - testing some
> assertions
>
> On Wed, Nov 14, 2012 at 3:25 PM, mclellan, dave wrote:
>> ...
>> We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1)
>> and I
lto:owner-openssl-us...@openssl.org]
On Behalf Of Jeffrey Walton
Sent: Wednesday, November 14, 2012 3:57 PM
To: openssl-users@openssl.org
Subject: Re: OpenSSL/FIPS Object Module and FIPS compliance - testing some
assertions
On Wed, Nov 14, 2012 at 3:25 PM, mclellan, dave wrote:
> ...
> We are starti
On Wed, Nov 14, 2012 at 3:25 PM, mclellan, dave wrote:
> ...
> We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1)
> and I’d like to test out this set of assumptions (or maybe they are
> ‘assertions’)
>
> - In the context of OpenSSL, FIPS compliance is all about a
