[openssl-commits] [web] master update
Rich Salz
rsalz at openssl.org
Tue Nov 14 23:12:36 UTC 2017
The branch master has been updated
via 7ccd6e53c238eb3f0a145d90436bc40c1d468a8c (commit)
from 3aed616c7367c5edb2a776255d0b00fad93a2bcf (commit)
- Log -----------------------------------------------------------------
commit 7ccd6e53c238eb3f0a145d90436bc40c1d468a8c
Author: Rich Salz <rsalz at akamai.com>
Date: Tue Nov 14 17:59:54 2017 -0500
Remove OVS, FIPS Private Label
-----------------------------------------------------------------------
Summary of changes:
docs/fips/privatelabel.html | 102 ++------------------------------------------
docs/fipsnotes.html | 20 +--------
policies/bylaws.html | 6 ---
3 files changed, 5 insertions(+), 123 deletions(-)
diff --git a/docs/fips/privatelabel.html b/docs/fips/privatelabel.html
index 5262215..270e935 100644
--- a/docs/fips/privatelabel.html
+++ b/docs/fips/privatelabel.html
@@ -22,107 +22,11 @@
economically feasible for a small organization of limited means;
the risk doesn't justify the substantial investment of time and
money required to pursue new validations. As of 2015 we are no
- longer performing any private label validations. The addition of
- new platforms to the existing #1747 or <a
- href="https://openssl.com/fips/ransom.html">comparable</a>
- validations is still possible and those validation actions are still
- being performed.</p>
-
- <p>The rest of this page is of historical interest only.</p>
-
- <h3>What It Is</h3>
-
- <p>We have found that one of the most popular commercial services
- offered by the OpenSSL team is the <a
- href="/docs/fipsnotes.html#privatelabel">private label validation</a>.
- It's not a business we ever planned to be in, but as the
- originators of the source code based OpenSSL FIPS Object Module
- validations, and with lots of practice, we've gotten pretty good
- at it. The revenue we earn from these validations supports the
- OpenSSL project, and for some validations also results in useful
- additions to the OpenSSL baseline.</p>
-
-
- <h3>What You Get</h3>
-
- <p>For a total fixed price we will obtain a Level 1 FIPS 140-2
- validation in your name using the OpenSSL FIPS Object Module v2.0
- for two common platforms using unmodified source code. A common
- platform is a computing device (hardware and operating system)
- that is available and familiar to us and the test lab(s).
- Examples of common platforms are:</p>
- <ul>
- <li>Microsoft Windows (32 bit) on x86 hardware</li>
- <li>Microsoft Windows (64 bit) on x64 hardware</li>
- <li>Linux on 32 bit x86 hardware</li>
- <li>Linux (64 bit) on x64 hardware
- <li>The Android operating system on some common smart phones
- using ARM processors</li>
- <li>HP-UX 11 on Itanium</li>
- <li>Solaris on x64 hardware </li>
- </ul>
-
- <p>Additional common platforms can be added to your validation for
- US$4000 (Linux/Unix/Android) or US$4500 (desktop/server Windows)
- each.</p>
-
- <p>We will handle all interaction with the accredited testing lab
- and the <a
- href="https://csrc.nist.gov/groups/STM/cmvp/index.html">CMVP</a>.
- You sign one contract with the OSF with half of the price due as a
- down payment and the remainder due only when your certificate is <a
- href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm">posted</a>
- by the CMVP.</p>
-
- <p>Within two weeks of executing your contract with us, your
- pending validation will also appear on the <a
- href="http://csrc.nist.gov/groups/STM/cmvp/inprocess.html">pre-val list</a>.
- The presence of your product on this list is sufficient
- to satisfy FIPS 140-2 requirements for some procurements.</p>
-
- <h3>What Qualifies</h3>
-
- <p>This turnkey validation package is applicable in the following
- circumstances:</p>
- <ul>
- <li>You have already confirmed that the module generated from
- the OpenSSL FIPS Object Module v2.0 source distribution,
- possibly with modifications, works on your platform(s).</li>
- <li>Your modifications to the OpenSSL source code, if any, are
- not "cryptographically significant". Roughly speaking, that
- means the modifications do not affect the actual cryptographic
- algorithms. Modifications for portability, such as changing
- <em>#include</em> statements or redefining macros, or changes to
- the build process such as new compiler or linker options, are
- generally acceptable.</li>
- <li>Your application does not require cross-compilation (the
- build system and the target platform can be the same system),
- <em>or</em> your cross-compiled platform is one for which the
- complete build process, including generation of the integrity
- test digest, is already known and tested.</li>
- <li>The actual platform, hardware and software, is either
- already available to the OSF and the lab or is supplied by you.
- We will need at least two complete sets of platform hardware and
- software for customer provided equipment. This equipment can be
- returned once the validation is awarded, though some customers
- have preferred to leave that equipment with us for regression
- testing of future revisions.</li?
- <li>You have determined that the performance of the module is
- satisfactory on your specific target platform. We continually
- make performance enhancements to OpenSSL, only some of which can
- readily be incorporated into routine private label
- validations.</li>
- </ul>
- <p>Note that we can still help you if not all of these
- circumstances apply, but we'll have to look at your specific
- situation more closely. Note minor software modifications can
- often be accommodated in a change letter modification.</p>
-
- <hr>
- <p>Interested? Contact
- <a href="https://openssl.com/fips">OpenSSL Software Services</a>.
+ longer performing any private label validations.
</p>
+ <p>We will be starting work on a new FIPS validation soon.</p>
+
</div>
</article>
</div>
diff --git a/docs/fipsnotes.html b/docs/fipsnotes.html
index dfc50e3..fdbfd2d 100644
--- a/docs/fipsnotes.html
+++ b/docs/fipsnotes.html
@@ -26,7 +26,7 @@
<ul>
- <li>OpenSSL itself is not validated, and never will be. Instead
+ <li>OpenSSL itself is not validated. Instead
a special carefully defined software component called the
OpenSSL FIPS Object Module has been created. This Module was
designed for compatibility with OpenSSL so that products using
@@ -43,14 +43,7 @@
<li>If even the tiniest source code or build process changes are
required for your intended application, you cannot use the open
source based validated module directly. You must obtain your
- own validation. This situation is common; see "Private Label"
- validation, below.</li>
-
- <li>New FIPS 140-2 validations (of any type) are slow (6-12
- months is typical), expensive (US$50,000 is probably typical for
- an uncomplicated validation), and unpredictable (completion
- dates are not only uncertain when first beginning a validation,
- but remain so during the process).</li>
+ own validation.</li>
</ul>
@@ -69,15 +62,6 @@
private label validations for binaries produced from unmodified
(or only cosmetically modified) source code.</p>
- <p>The OSF would really prefer to work on open source based
- validations of benefit to the OpenSSL user community at large, but
- financial support for that objective is intermittent at best. On
- the other hand many vendors are interested in private label
- validations and the OSF will assist in such efforts on a paid
- basis. We've done enough of these to be very cost competitive,
- and for uncomplicated validations we typically work on a fixed
- price basis.</p>
-
<p><strong>Update:</strong> As of 2015 we are no longer performing private label validations. We are still adding new platforms to the <a
href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>
or related validations.</p>
diff --git a/policies/bylaws.html b/policies/bylaws.html
index 1c268ec..f39bf63 100644
--- a/policies/bylaws.html
+++ b/policies/bylaws.html
@@ -151,12 +151,6 @@
to certain contractual requirements. To do so they should send a
request to any existing OSS director.</p>
- <h3>OpenSSL Validation Services (OVS)</h3>
-
- <p>OpenSSL Validation Services handles commercial activities specific
- to FIPS 140 validations and the OpenSSL FIPS Object Module. Membership
- of this organisation is by invitation from an existing director.</p>
-
<h2>OMC Voting Procedures</h2>
<p>A vote to change these bylaws will pass if it obtains an in favour
More information about the openssl-commits
mailing list