Re: status of NSS FIPS-140 certification on SPARC Solaris 10

Wed, 28 Jan 2009 10:44:15 -0800 

On 1/28/09 9:56 AM, Wan-Teh Chang wrote:

On Tue, Jan 27, 2009 at 9:56 PM,<alex.agra...@gmail.com>  wrote:

Hi,

I wonder if someone could clear to me the status of NSS FIPS-140
certification on SPARC Solaris 10. According to 
https://wiki.mozilla.org/FIPS_Validation
the latest certified NSS "crypto module" version is 3.11.4 (AFAIK this
"crypto module" is part of NSS libraries 3.11.4 and 3.11.5) and the
list of platforms includes:
   # Solaris 10 64-bit SPARC v9
   # Solaris 10 32-bit SPARC v8+

However the issued NIST certificate mentions only one SPARC platform:
   # Sun Blade 2500 Workstation with UltraSPARC IIIi CPU, Sun Trusted
Solaris Version 8 4/01, Extended ECC.
and one Solaris 10 x86 platform:
   # Sun W2100z workstation with dual AMD Opteron CPUs, 64-bit Solaris
10,
Extended ECC.

As far as I understand, vendor and/or user may recompile FIPS-
certified software on a "compatible" platform (assuming that no
changes to the source code are required) and retain FIPS-140
certification. Can we use this clause to claim NSS certification on
Solaris 10 SPARC platforms? Is this claim based on the certificate for
Solaris 10 x86 or Solaris 8 SPARC platforms?


Yes, you can use this clause to claim NSS certification on
Solaris 10 SPARC platforms, based on the certificate for
*Trusted* Solaris 8 SPARC.

In addition, if Solaris 10 has been Common Criteria evaluated
at EAL2 or higher (you may need to install some extensions),
you can claim certification at Level 2.


Also what is the status of the latest FIPS-140 certification of NSS
3.12? The Wiki says that it was planned for Fall 2008 and I wonder how
does it go (I see that the module is in IUT state on the NIST site).
What platforms will it be certified on?


It's still in an early stage.  We're getting ready to start
the algorithm testing.  I don't know what platforms it
will be certified on.


The platforms are listed on
https://wiki.mozilla.org/FIPS_Validation

    *  Level 1
          o Windows XP Service Pack 2
          o Mac OS X 10.5
    * Level 2
          o RHEL 5 x86 32 bit
          o RHEL 5 x86 64 bit
          o Solaris 10 64-bit SPARC v9
          o Solaris 10 32-bit SPARC v8+
          o Solaris 10 32-bit x86
          o Solaris 10 64-bit x86_64
Note: the NIST certificates will list the actual machine the testing lab used to test on. These machines can be old and may not even be currently sold. One needs to pay attention to the OS and Architecture/Instruction Set that the binary was built for. 

-glen

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to