On 07/21/10 23:24, Nelson B Bolyard wrote:
>> Maybe chaining two FIPS-compliant devices will result in a FIPS-compliant
>> aggregate device?
>>
>> Application --(sign_req)--> Mozilla softoken --(C_GenerateRandom)--> hardware RNG
>
> If softoken were to use an external hardware RNG as its ONLY RNG

Yes, I am interested: is it possible to make softoken plug in an RNG at run-time
without much harm to the softoken standards conformance?

> (as opposed to considering it as a source of "additional input" to softoken's
> own RNG), then the only way that softoken could claim FIPS compliance would be if
> softoken was FIPS certified together with that hardware RNG. That hardware RNG would be
> considered inside of the softoken's perimeter.

Hmm... but why together? May the certification state:

    Plugging in any FIPS-certified hardware RNG keeps softoken+RNG
    FIPS-compliant?

Regards,
--
Konstantin Andreev