Kyle Hamilton wrote:
Our security policy already addresses this. If you set the password outside of FIPS mode to a non-compliant password you are outside the security policy, and thus not FIPS validated.

On Tue, Oct 7, 2008 at 5:22 PM, Subrata Mazumdar <[EMAIL PROTECTED]> wrote:

I guess that the problem is in documentation and the PSM GUI. The PSM GUI should have clearly stated the password policy requirement in the password change dialog window. Also, NSS should have enforced the FIPS password policy during the FIPS enablement. It should not have enabled the internal token for FIPS with non-compliant password.

...which means that the FIPS token code needs to be changed, which requires a new FIPS validation procedure. Unless it can be handled by a "vendor letter change"? I'm not a FIPS validation expert, but it's a problem with the code which is already validated (the token is passed the password to initialize itself).

bob
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto