[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [redhat-lspp] Related Question: FIPS 140-x compliance

From: Steve Grubb <sgrubb redhat com>
To: redhat-lspp redhat com
Cc: Stephen John Smoogen <smooge gmail com>
Subject: Re: [redhat-lspp] Related Question: FIPS 140-x compliance
Date: Tue, 27 Jun 2006 14:34:20 -0400

On Tuesday 27 June 2006 14:28, Stephen John Smoogen wrote:
> I was wondering how the systems will implement encryption algorithms
> for  FIPS-140-1 compliance. 

FIPS 140 and LSPP have nothing in common. LSPP does not require it.

> Will they be shipping with openssl-fips-1.0.tar.gz and having that as the
> library set compiled against.. or will there be a seperate binary/library
> channel for these?

I explained this on fedora-devel list a while back. openssl-fips-1.0.tar.gz 
cannot be shipped by us for several reasons. First, it contains patented 
algorithms which Red Hat objects to. This is documented in the README file 
inside the same tarball. Also, the FIPS 140 work was done on 0.9.7 and we are 
way past that somewhere in 0.9.8 series. The cert on 0.9.7 does not carry 
over to 0.9.8. A new cert must be done.

-Steve

Follow-Ups:
- Re: [redhat-lspp] Related Question: FIPS 140-x compliance
  - From: Stephen John Smoogen

References:
- [redhat-lspp] Related Question: FIPS 140-x compliance
  - From: Stephen John Smoogen

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]