Status of FIPS 1.2 - Openssl

This is a discussion on Status of FIPS 1.2 - Openssl ; Hello Everyone, Is there any update on when openssl-fips-1.2.0 certification will be complete? Geoff...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Status of FIPS 1.2

  1. Status of FIPS 1.2

    Hello Everyone,



    Is there any update on when openssl-fips-1.2.0 certification will be
    complete?



    Geoff





  2. Re: Status of FIPS 1.2

    The FIPS certification process is a black box. Literally, it will be
    complete when it will be complete, and we can't know until it goes
    into final recommendation phase (which is usually the last step before
    NIST grants the certification).

    -Kyle H

    On Fri, May 30, 2008 at 1:57 AM, Gatfield, Geoffrey
    wrote:
    > Hello Everyone,
    >
    >
    >
    > Is there any update on when openssl-fips-1.2.0 certification will be
    > complete?
    >
    >
    >
    > Geoff
    >
    >

    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  3. Re: Status of FIPS 1.2

    On Fri, May 30, 2008, Mathias Brossard wrote:

    > Kyle Hamilton wrote:
    >> The FIPS certification process is a black box. Literally, it will be
    >> complete when it will be complete, and we can't know until it goes
    >> into final recommendation phase (which is usually the last step before
    >> NIST grants the certification).

    >
    > I've seen on the OpenSSL files with URLs like
    > ftp://ftp.openssl.org/snapshot/openssl-0.9.8-fips-test-SNAP-
    .tar.gz
    > I was wondering if those are snapshots of the future FIPS 1.2 ?
    >
    >


    The version currently under test is essentially:

    ftp://ftp.openssl.org/snapshot/opens...t-1.2.0.tar.gz

    Though there are no guarantees it wont change before validation is finalised.

    The snapshots such as:

    ftp://ftp.openssl.org/snapshot/opens...0080526.tar.gz

    are based on more recent versions of OpenSSL 0.9.8. They can be linked against
    the 1.2 module (when available) in a similar way to 0.9.7 and the 1.1.2 module.

    Steve.
    --
    Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
    OpenSSL project core developer and freelance consultant.
    Homepage: http://www.drh-consultancy.demon.co.uk
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  4. Re: Status of FIPS 1.2

    Kyle Hamilton wrote:
    > The FIPS certification process is a black box. Literally, it will be
    > complete when it will be complete, and we can't know until it goes
    > into final recommendation phase (which is usually the last step before
    > NIST grants the certification).


    I've seen on the OpenSSL files with URLs like
    ftp://ftp.openssl.org/snapshot/openssl-0.9.8-fips-test-SNAP-
    .tar.gz
    I was wondering if those are snapshots of the future FIPS 1.2 ?

    Sincerely,
    --
    Mathias Brossard


  5. Re: Status of FIPS 1.2

    Kyle Hamilton wrote:
    > The FIPS certification process is a black box. Literally, it will be
    > complete when it will be complete, and we can't know until it goes
    > into final recommendation phase (which is usually the last step before
    > NIST grants the certification).
    >

    If I had to make a guess I'd say I'm hoping for late June or early July,
    expecting something in August, resigned to September :-). We're a
    little over a month into the "aging in an in-box" phase, and the
    grapevine says the backlog is currently running 2-3 months. On the
    other hand one uncomplicated validation I worked on recently took a full
    year when the backlog was supposedly also only a few months; one never
    knows.

    As Kyle noted, usually the CMVP has a few questions or requirements when
    the submission makes it out of the in-box and is actually under review,
    at which point we know approval is probably only a few days or weeks
    away, and at which point I'll make a heads-up announcement.

    If it makes anyone feel any better, take it from me that there are other
    government validation/certification processes that are slower, more
    difficult, and more pointless than FIPS 140-2.

    -Steve M.

    --
    Steve Marquess
    Open Source Software institute
    marquess@oss-institute.org

    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


+ Reply to Thread