[openssl-users] Key Deriviation Function Tests for TLS

Steve Marquess marquess at openssl.com
Wed Sep 30 14:17:22 UTC 2015

On 09/30/2015 09:58 AM, Jakob Bohm wrote:
> On 30/09/2015 15:34, Steve Marquess wrote:
>> On 09/30/2015 09:18 AM, Jakob Bohm wrote:
>>> ...
>>> Under the new "contribution agreement" scheme, publishing such items
>>> early would also make them available to users ...
>> Publishing by someone else is fine, go for it. It would be nice to have
>> someone else publish FIPS module code, or validation information of any
>> kind for that matter. I think the validation process would be a lot less
>> capricious with less of the secrecy that is the current norm.
> Point is that the contribution agreement contains a bug, whereby
> anything not published by the OpenSSL Foundation in the UK is not
> licensed to anyone.
> Having a publication procedure for things marked "This does NOT
> work in its current form, but we are giving you a license" works
> around that bug ...

Speaking just for myself, and not my fellow team mates, I see no upside
and a lot of downsides to our hosting of "does not work" code
contributions. Especially for FIPS specific code. The originators of
that code are free to give it to anyone else at any time; they don't
need us to do so.

-Steve M.

Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

More information about the openssl-users mailing list