[openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

Steve Marquess marquess at openssl.com
Fri Dec 18 18:21:36 UTC 2015


On 12/18/2015 01:10 PM, Salz, Rich wrote:
>> What would then be the permitting conditions to pursue a new
>> validation ? If you don't mind me asking.  I have read several
>> notes you have on the subject and I agree that the whole thing is
>> of Dedalus proportions.  In a nutshell what would be these
>> conditions ?
> 
> In a nutshell: someone willing to spend the money (low six figures)
> without adding requirements that violates the spirit of our open
> source philosophy, and while knowing that the project might fail for
> non-technical reasons.

I'll also note that each of the previous five open source based
validations had one or more U.S. government sponsors with an interest in
a successful outcome. I believe that interest, expressed and exercised
in ways I was not fully privy to, was the key element in those
successful outcomes.

We will undertake another tilt a the windmill with the prerequisites
Rich noted above, but I think a successful outcome for the sixth
such validation will also require the engagement of politically adept
stakeholders.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc


More information about the openssl-users mailing list