[openssl-commits] [web] master update

Rich Salz rsalz at openssl.org
Tue Nov 14 23:12:36 UTC 2017


The branch master has been updated
       via  7ccd6e53c238eb3f0a145d90436bc40c1d468a8c (commit)
      from  3aed616c7367c5edb2a776255d0b00fad93a2bcf (commit)


- Log -----------------------------------------------------------------
commit 7ccd6e53c238eb3f0a145d90436bc40c1d468a8c
Author: Rich Salz <rsalz at akamai.com>
Date:   Tue Nov 14 17:59:54 2017 -0500

    Remove OVS, FIPS Private Label

-----------------------------------------------------------------------

Summary of changes:
 docs/fips/privatelabel.html | 102 ++------------------------------------------
 docs/fipsnotes.html         |  20 +--------
 policies/bylaws.html        |   6 ---
 3 files changed, 5 insertions(+), 123 deletions(-)

diff --git a/docs/fips/privatelabel.html b/docs/fips/privatelabel.html
index 5262215..270e935 100644
--- a/docs/fips/privatelabel.html
+++ b/docs/fips/privatelabel.html
@@ -22,107 +22,11 @@
 	    economically feasible for a small organization of limited means;
 	    the risk doesn't justify the substantial investment of time and
 	    money required to pursue new validations. As of 2015 we are no
-	    longer performing any private label validations. The addition of
-	    new platforms to the existing #1747 or <a
-	      href="https://openssl.com/fips/ransom.html">comparable</a>
-	    validations is still possible and those validation actions are still
-	    being performed.</p>
-
-	    <p>The rest of this page is of historical interest only.</p>
-
-	    <h3>What It Is</h3>
-
-	    <p>We have found that one of the most popular commercial services
-	    offered by the OpenSSL team is the <a
-	      href="/docs/fipsnotes.html#privatelabel">private label validation</a>.
-	    It's not a business we ever planned to be in, but as the
-	    originators of the source code based OpenSSL FIPS Object Module
-	    validations, and with lots of practice, we've gotten pretty good
-	    at it. The revenue we earn from these validations supports the
-	    OpenSSL project, and for some validations also results in useful
-	    additions to the OpenSSL baseline.</p>
-
-
-	    <h3>What You Get</h3>
-
-	    <p>For a total fixed price we will obtain a Level 1 FIPS 140-2
-	    validation in your name using the OpenSSL FIPS Object Module v2.0
-	    for two common platforms using unmodified source code.  A common
-	    platform is a computing device (hardware and operating system)
-	    that is available and familiar to us and the test lab(s).
-	    Examples of common platforms are:</p>
-	    <ul>
-	      <li>Microsoft Windows (32 bit) on x86 hardware</li>
-	      <li>Microsoft Windows (64 bit) on x64 hardware</li>
-	      <li>Linux on 32 bit x86 hardware</li>
-	      <li>Linux (64 bit) on x64 hardware
-	      <li>The Android operating system on some common smart phones
-	      using ARM processors</li>
-	      <li>HP-UX 11 on Itanium</li>
-	      <li>Solaris on x64 hardware </li>
-	    </ul>
-
-	    <p>Additional common platforms can be added to your validation for
-	    US$4000 (Linux/Unix/Android) or US$4500 (desktop/server Windows)
-	    each.</p>
-
-	    <p>We will handle all interaction with the accredited testing lab
-	    and the <a
-	      href="https://csrc.nist.gov/groups/STM/cmvp/index.html">CMVP</a>.
-	    You sign one contract with the OSF with half of the price due as a
-	    down payment and the remainder due only when your certificate is <a
-	      href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm">posted</a>
-	    by the CMVP.</p>
-
-	    <p>Within two weeks of executing your contract with us, your
-	    pending validation will also appear on the <a
-	      href="http://csrc.nist.gov/groups/STM/cmvp/inprocess.html">pre-val list</a>.
-	  The presence of your product on this list is sufficient
-	to satisfy FIPS 140-2 requirements for some procurements.</p>
-
-	    <h3>What Qualifies</h3>
-
-	    <p>This turnkey validation package is applicable in the following
-	    circumstances:</p>
-	    <ul>
-	      <li>You have already confirmed that the module generated from
-	      the OpenSSL FIPS Object Module v2.0 source distribution,
-	      possibly with modifications, works on your platform(s).</li>
-	      <li>Your modifications to the OpenSSL source code, if any, are
-	      not "cryptographically significant".  Roughly speaking, that
-	      means the modifications do not affect the actual cryptographic
-	      algorithms.  Modifications for portability, such as changing
-	      <em>#include</em> statements or redefining macros, or changes to
-	      the build process such as new compiler or linker options, are
-	      generally acceptable.</li>
-	      <li>Your application does not require cross-compilation (the
-	      build system and the target platform can be the same system),
-	      <em>or</em> your cross-compiled platform is one for which the
-	      complete build process, including generation of the integrity
-	      test digest, is already known and tested.</li>
-	      <li>The actual platform, hardware and software, is either
-	      already available to the OSF and the lab or is supplied by you.
-	      We will need at least two complete sets of platform hardware and
-	      software for customer provided equipment.  This equipment can be
-	      returned once the validation is awarded, though some customers
-	      have preferred to leave that equipment with us for regression
-	      testing of future revisions.</li?
-	      <li>You have determined that the performance of the module is
-	      satisfactory on your specific target platform.  We continually
-	      make performance enhancements to OpenSSL, only some of which can
-	      readily be incorporated into routine private label
-	      validations.</li>
-	    </ul>
-	    <p>Note that we can still help you if not all of these
-	    circumstances apply, but we'll have to look at your specific
-	    situation more closely. Note minor software modifications can
-	    often be accommodated in a change letter modification.</p>
-
-	    <hr>
-	    <p>Interested? Contact
-	    <a href="https://openssl.com/fips">OpenSSL Software Services</a>.
+	    longer performing any private label validations.
 	    </p>
 
+            <p>We will be starting work on a new FIPS validation soon.</p>
+
 	  </div>
 	</article>
       </div>
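Review bot: the added paragraph "We will be starting work on a new FIPS validation soon." carries no date, so "soon" will read as stale as the page ages. The sentence before it is anchored with "As of 2015"; the new one would benefit from a date as well, or a link to where progress will be announced. The new <p> line is also indented with spaces, while the surrounding lines in this file use tabs.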
diff --git a/docs/fipsnotes.html b/docs/fipsnotes.html
index dfc50e3..fdbfd2d 100644
--- a/docs/fipsnotes.html
+++ b/docs/fipsnotes.html
@@ -26,7 +26,7 @@
 
 	    <ul>
 
-	      <li>OpenSSL itself is not validated, and never will be.  Instead
+	      <li>OpenSSL itself is not validated.  Instead
 	      a special carefully defined software component called the
 	      OpenSSL FIPS Object Module has been created.  This Module was
 	      designed for compatibility with OpenSSL so that products using
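Review bot: dropping "and never will be" from the first bullet changes a stated position rather than removing OVS or private label material, and the commit subject ("Remove OVS, FIPS Private Label") does not mention it. A line in the commit message explaining the wording change would make the history easier to follow.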
@@ -43,14 +43,7 @@
 	      <li>If even the tiniest source code or build process changes are
 	      required for your intended application, you cannot use the open
 	      source based validated module directly.  You must obtain your
-	      own validation.  This situation is common; see "Private Label"
-	      validation, below.</li>
-
-	      <li>New FIPS 140-2 validations (of any type) are slow (6-12
-	      months is typical), expensive (US$50,000 is probably typical for
-	      an uncomplicated validation), and unpredictable (completion
-	      dates are not only uncertain when first beginning a validation,
-	      but remain so during the process).</li>
+	      own validation.</li>
 
 	    </ul>
 
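Review bot: with the pointer 'see "Private Label" validation, below' removed, the bullet now ends at "You must obtain your own validation" and gives the reader no next step, yet the next hunk's context shows that private label text and its 2015 Update remain further down this page. Either keep a short pointer to that Update or remove the remaining text so the page is consistent. The deleted bullet on the typical duration and cost of new validations was not specific to private label work; if it is being dropped as outdated, the commit message should say so.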
@@ -69,15 +62,6 @@
 	    private label validations for binaries produced from unmodified
 	    (or only cosmetically modified) source code.</p>
 
-	    <p>The OSF would really prefer to work on open source based
-	    validations of benefit to the OpenSSL user community at large, but
-	    financial support for that objective is intermittent at best.  On
-	    the other hand many vendors are interested in private label
-	    validations and the OSF will assist in such efforts on a paid
-	    basis.  We've done enough of these to be very cost competitive,
-	    and for uncomplicated validations we typically work on a fixed
-	    price basis.</p>
-
 	    <p><strong>Update:</strong> As of 2015 we are no longer performing private label validations. We are still adding new platforms to the <a
 	      href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>
 	    or related validations.</p>
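Review bot: the retained Update still says "We are still adding new platforms to the #1747 or related validations", while this commit deletes the equivalent sentence from docs/fips/privatelabel.html. If platform additions have stopped, this paragraph needs the same edit; if they continue, the private label page should keep saying so, otherwise the two pages diverge.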
diff --git a/policies/bylaws.html b/policies/bylaws.html
index 1c268ec..f39bf63 100644
--- a/policies/bylaws.html
+++ b/policies/bylaws.html
@@ -151,12 +151,6 @@
           to certain contractual requirements. To do so they should send a
           request to any existing OSS director.</p>
 
-          <h3>OpenSSL Validation Services (OVS)</h3>
-
-          <p>OpenSSL Validation Services handles commercial activities specific
-          to FIPS 140 validations and the OpenSSL FIPS Object Module. Membership
-          of this organisation is by invitation from an existing director.</p>
-
           <h2>OMC Voting Procedures</h2>
 
           <p>A vote to change these bylaws will pass if it obtains an in favour
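Review bot: this removes a section from the bylaws, and the context line directly below describes a vote as the way to change them, but the commit message does not reference one. Citing the vote or decision that approved dropping the OVS section would make the change auditable. It is also worth confirming that no other part of bylaws.html still refers to OVS, since only this hunk is visible here.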

