[openssl-commits] [web] master update

Steve Marquess stevem at openssl.org
Wed Jul 22 12:55:35 UTC 2015


The branch master has been updated
       via  ecd59b75a820b416eb5fcf8a0b06e4eb1aea01e6 (commit)
      from  10c638d6934c96d52236740fb4f0be12f9a68482 (commit)


- Log -----------------------------------------------------------------
commit ecd59b75a820b416eb5fcf8a0b06e4eb1aea01e6
Author: Steve Marquess <marquess at openssl.com>
Date:   Wed Jul 22 08:55:17 2015 -0400

    Update references to private label validations

-----------------------------------------------------------------------

Summary of changes:
 docs/fips/fipsnotes.wml    | 26 +++++++++-----------------
 docs/fips/privatelabel.wml | 13 ++++++++-----
 2 files changed, 17 insertions(+), 22 deletions(-)

diff --git a/docs/fips/fipsnotes.wml b/docs/fips/fipsnotes.wml
index 21df9c8..5ce62c8 100644
--- a/docs/fips/fipsnotes.wml
+++ b/docs/fips/fipsnotes.wml
@@ -53,22 +53,16 @@ The OSF would really prefer to work on open source based validations of benefit
 to the OpenSSL user community at large, but financial support for that objective
 is intermittent at best.  On the other hand many vendors are interested in private label
 validations and the OSF will assist in such efforts on a paid basis.  We've done enough
-of these to be very cost competitive, and for uncomplicated validations we will work
-on a fixed price basis.  A routine private label validation on a single commodity
-platform can cost as little as
-<a href="privatelabel.html">US$35,000</a>.
-Contact the <a href="../../support/funding/support-contact.html">OSF</a> for more information.
+of these to be very cost competitive, and for uncomplicated validations we typically work
+on a fixed price basis.
+
 <p>
-<font color="#cc3333">Update:</font> In collaboration with an accredited CMVP testing laboratory we were through
-December 2012 offering a
-cost effective turnkey <a href="privatelabel.html">validation package</a> for routine private label validations.
-However, due to some changes in
-<a href="http://www.opensslfoundation.com/fips/ig95.html">CMVP requirements</a> 
-introduced in 2013 the current OpenSSL FIPS Object Module
-code base can no longer be readily be validated. We are still adding new
+<font color="#cc3333">Update:</font> As of 2015 we are no longer performing
+<a href="privatelabel.html">private label</a> validations.
+We are still adding new
 platforms to the 
  <a href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>
-validation.
+or related validations.
 
 <h2>Current Validations</h2>
 
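Review bot: The wording above the Update paragraph still describes private label work in the present tense (the unchanged "the OSF will assist in such efforts on a paid basis" and the added "we typically work on a fixed price basis"), which contradicts the new Update line "As of 2015 we are no longer performing private label validations." Suggest moving those sentences to the past tense or dropping them. This hunk also removes the "Contact the OSF" link, so it would help to say where readers who want a platform added to #1747 "or related validations" should enquire, and which validations count as related.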
@@ -84,10 +78,8 @@ And did we mention the <a href="UserGuide.pdf">User Guide</a>?
 <a name="transition">
 <font color="#cc3333">Important Note:</font>
 </a>
-Due to changes in the FIPS 140-2 validation requirements the current v1.2 Module is 
-no longer be a suitable model for private label validations in its current form past the year 2010.  See the NIST <a href="http://csrc.nist.gov/groups/STM/cmvp/notices.html">Notices</a>,
-<a href="http://csrc.nist.gov/groups/ST/key_mgmt/documents/Transitioning_CryptoAlgos_070209.pdf">discussion paper</a> and
-<a href="http://csrc.nist.gov/publications/drafts/800-131/draft-sp800-131_spd-june2010.pdf">SP 800-131</a>.
+Due to changes in the FIPS 140-2 validation requirements the current v2.0 Module is 
+no longer a suitable model for private label validations in its current form past the year 2014.
 <p>
 
 <h2>Upcoming Validations</h2>
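Review bot: The rewritten Important Note drops all three NIST references (Notices, discussion paper, SP 800-131) without a replacement, so the claim "no longer a suitable model for private label validations in its current form past the year 2014" now cites nothing. Suggest linking the requirement changes that apply to the v2.0 Module. The sentence also says "current" twice ("the current v2.0 Module ... in its current form"); one of them can go.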
diff --git a/docs/fips/privatelabel.wml b/docs/fips/privatelabel.wml
index 9d8a9b9..fa32d81 100644
--- a/docs/fips/privatelabel.wml
+++ b/docs/fips/privatelabel.wml
@@ -8,11 +8,14 @@
 If you haven't already, please read our <a href="fipsnotes.html">FIPS 140-2 Notes</a> page.
 
 <p>
-<font color="#cc3333">IMPORTANT NOTE: </font>The recent addition of
-<a href="http://opensslfoundation.com/fips/ig95.html">new formal requirements</a> has potentially
-complicated new private label validations, but as of August 2013 it appears such validations
-are again feasible. We'll be more certain of this once we've actually obtained a validation under
-the new rules.
+<font color="#cc3333">IMPORTANT NOTE: </font>The addition of
+multiple new formal requirements since the #1747 validation was first approved in 2012, and
+recent unfavorable experiences with increasingly unpredictable outcomes from the validation process, have increased
+to the point where private label validations are no longer economically feasible for a small
+organization of limited means; the risk doesn't justify the substantial investment of time and money required
+to pursue new validations. As of 2015 we are no longer performing any private label validations.
+<p>
+The rest of this page is of historical interest only.
 
 <h2>What It Is</h2>
 
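Review bot: The new IMPORTANT NOTE sentence does not parse: "The addition of multiple new formal requirements ... and recent unfavorable experiences ... have increased to the point where" gives "have increased" no object. Judging by the clause after the semicolon ("the risk doesn't justify the substantial investment"), the intended object looks like the risk; suggest something like "have increased the risk to the point where ...". The removed ig95.html link was this paragraph's only pointer to what the new requirements are, so consider keeping a reference for "multiple new formal requirements".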

