FIPS 140-2 certification
Ben Lindstrom
mouring at etoh.eviladmin.org
Tue Oct 1 01:01:35 EST 2002
As I say before.. Don't know about OpenSSL group, but I believe the slogan
for the OpenSSH group is.
"Show me the patch."
Perferable one patch per logical fix/patch. So it is easier for us to
decide which ones we like or don't like.
No one has said.. "F*ck off" =) Just me asking how FIPS fixs into things
so I know what to expect when Markus asks for comments on things.
- Ben
On Mon, 30 Sep 2002, Loomis, Rip wrote:
>
> > I'm surprised that you are using IRIX. I would not have thought IRIX
> > would have gotten FIPS rating. AIX or Solaris Trusted would not have
> > surprised me. Guess I'll have to have a chat with a buddy
> > over there. =)
>
> See http://niap.nist.gov/cc-scheme/CCEVS-CC-VID401-SGI_IRIX.html
> for details. (disclaimer: I work for SAIC and was involved in
> preparing the evidence for this evaluation. TRIX was evaluated
> at the same time.)
>
> I'd be very interested in following up on FIPS 140 [series] certification
> of OpenSSL/OpenSSH as well, but as others have noted it might be a
> difficult process even with a financial sponsor.
>
> --
> Rip Loomis Senior Systems Security Engineer
> SAIC Secure Business Solutions Group www.saic.com/securebiz
> Center for Information Security Technology www.cist-east.saic.com
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
More information about the openssh-unix-dev
mailing list