FIPS Certification


FIPS Certification

by Hoyt, David

Is or will there be an effort to become FIPS certified? If so, is there a schedule laid out for the process? Is there a webpage I can look at to keep myself up-to-date on the certification process?

Thanks,
- David Hoyt


_______________________________________________
Help-gnutls mailing list
Help-gnutls@...
http://lists.gnu.org/mailman/listinfo/help-gnutls

Re: FIPS Certification

by Simon Josefsson-2

"Hoyt, David" <hoyt6@...> writes:

> Is or will there be an effort to become FIPS certified? If so, is
> there a schedule laid out for the process? Is there a webpage I can
> look at to keep myself up-to-date on the certification process?

All the crypto in GnuTLS normally happens in libgcrypt, and I recall
seeing libgcrypt mentioned on the list of projects underway of becoming
FIPS-certified some time ago.  Also, it is possible to replace the
crypto calls to your own library on the fly, see:

http://www.gnu.org/software/gnutls/reference/gnutls-crypto.html

There may be more involved, but this is as much as I am aware of.

I am certainly interested in seeing GnuTLS FIPS-certified, but if
anything more than FIPS-certifying libgcrypt is required, that will
require funding from someone.

Thanks,
/Simon



Re: FIPS Certification

by Simon Josefsson-2

Simon Josefsson <simon@...> writes:

> "Hoyt, David" <hoyt6@...> writes:
>
>> Is or will there be an effort to become FIPS certified? If so, is
>> there a schedule laid out for the process? Is there a webpage I can
>> look at to keep myself up-to-date on the certification process?
>
> All the crypto in GnuTLS normally happens in libgcrypt, and I recall
> seeing libgcrypt mentioned on the list of projects underway of becoming
> FIPS-certified some time ago.

Looking again, I see that AES/3DES/SHA1/SHA2/RSA/DSA/RNG in libgcrypt
have been FIPS certified.  Follow links from:

http://csrc.nist.gov/groups/STM/cavp/validation.html

Still, older TLS does not use standard RSA PKCS#1 so you have to make
sure GnuTLS is really using the right crypto bits from libgcrypt.

/Simon

