I just read an interesting article about the FIPS certification of
OpenSSL which was brought on by the Defense Department’s Defense Medical
Logistics Standard Support program. It says that they had the source
verified instead of the binary and "Because the source code was
validated, it could be compiled for any platform, be it Linux, Microsoft
Windows or some obscure operating system."
The article:
http://www.gcn.com/print/25_12/40733-1.html
After reading on the FIPS page of the NSS wiki:
http://wiki.mozilla.org/FIPS_Validation
It seems you guys are not going after source validation because you list
specific platforms for the validated toolkit. Is that correct? If so,
are there any plans to have the full source validated so NSS could be
used as freely as OpenSSL will soon be.
Dave
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
