On Tue, Jan 27, 2009 at 9:56 PM, <alex.agra...@gmail.com> wrote: > Hi, > > I wonder if someone could clear to me the status of NSS FIPS-140 > certification on SPARC Solaris 10. According to > https://wiki.mozilla.org/FIPS_Validation > the latest certified NSS "crypto module" version is 3.11.4 (AFAIK this > "crypto module" is part of NSS libraries 3.11.4 and 3.11.5) and the > list of platforms includes: > # Solaris 10 64-bit SPARC v9 > # Solaris 10 32-bit SPARC v8+ > > However the issued NIST certificate mentions only one SPARC platform: > # Sun Blade 2500 Workstation with UltraSPARC IIIi CPU, Sun Trusted > Solaris Version 8 4/01, Extended ECC. > and one Solaris 10 x86 platform: > # Sun W2100z workstation with dual AMD Opteron CPUs, 64-bit Solaris > 10, > Extended ECC. > > As far as I understand, vendor and/or user may recompile FIPS- > certified software on a "compatible" platform (assuming that no > changes to the source code are required) and retain FIPS-140 > certification. Can we use this clause to claim NSS certification on > Solaris 10 SPARC platforms? Is this claim based on the certificate for > Solaris 10 x86 or Solaris 8 SPARC platforms?
Yes, you can use this clause to claim NSS certification on Solaris 10 SPARC platforms, based on the certificate for *Trusted* Solaris 8 SPARC. In addition, if Solaris 10 has been Common Criteria evaluated at EAL2 or higher (you may need to install some extensions), you can claim certification at Level 2. > Also what is the status of the latest FIPS-140 certification of NSS > 3.12? The Wiki says that it was planned for Fall 2008 and I wonder how > does it go (I see that the module is in IUT state on the NIST site). > What platforms will it be certified on? It's still in an early stage. We're getting ready to start the algorithm testing. I don't know what platforms it will be certified on. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
