I remember reading in Linux Journal that OpenSSL had been certified.
http://www.linuxjournal.com/node/7644/print

I vaguely remember something else about getting source code certified instead of compiled code, but I can't find it.

Jason

Jason Edgecombe
Solaris & Linux Administrator
Mosaic Computing Group, College of Engineering
UNC-Charlotte
Phone: (704) 687-3514

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marcus Watts
Sent: Saturday, September 01, 2007 7:47 AM
To: [email protected]
Subject: Re: Kerberos 5 certified under NIST 140-2.

Various wrote:
> >I work at the U.S. Census Bureau and would like to use Kerberos 5 as our
> >network authentication protocol. The only problem is that for us to meet
> >our Certification and Accreditation and use Kerberos 5, it must be
> >certified under NIST 140-2. Do you have plans to have version 5 certified?
> >My understanding is that version 4 was.
...
> When I looked into this for Kerberos, doing the certification cost
> around $25,000-$35,000 and took a couple of years. And having seen
...

As I read FIPS 140-2, it addresses hardware much more than software, and very much addresses "complete systems" or sometimes "components" and really does not address frameworks or pluggable environments much at all. OpenSource software loses here on several points:

1. It's not a "finished" system. Somebody might come along at any point and change it, invalidating any test results done until that point.

2. The development process for "open source" does not generally conform to FIPS 140-2 appendix A and B. Appendix A describes the documentation that is necessary. There's a lot of it, and it is very specific to the testing required for FIPS 140-2. $25K to hire somebody to produce this would be a real bargain for something as complicated as kerberos 5. Appendix B describes the "recommended software development practice". These practices are probably a bit out of date, and certainly do not describe modern conventions for C.
The testing & documentation are certainly considerably more rigorous than many open source projects. Note that the better organized projects at least approach the software methodology suggested here, with interesting differences: for instance, the design stage may happen in part via online chat, unit testing may be on the honor system, functional specifications may be terse, & structure charts are nearly extinct except in the personnel department.

In fact, I think kerberos 5 probably conforms to about half of these practices. For instance, the "life-cycle software engineering recommendations" include the phrase "may". I suspect the kerberos developers actually follow most of those practices, but may be resistant to documenting that they did so. The coding standards contain many "shoulds" for things that MIT kerberos actually follows far less rigidly: MIT kerberos certainly uses gotos ("...using only structured programming constructs..."), unions ("equivalence of variables should not be used..."), global variables ("should not be used..."), and more than 2 exit points for many routines ("...at most two exit points"). In-line documentation is certainly *far* sparser than the appendix B authors suggest.

Rather than looking to the open source community to produce this, I think your best bet is to look at one of the vendors to do this. Say, Apple, Solaris, etc. They distribute the complete system, not just the software, so they have a better claim on "complete system", plus both the money stream, and the incentive, to pay for the certification. Apparently at least one of the Solaris people is already pursuing FIPS 140-2 for some of the lower-level crypto stuff (not kerberos yet).

-Marcus Watts
________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
