Difference between revisions of "Talk:FIPS Warnings and Cautions"
From OpenSSLWiki
Jump to navigationJump to search (Snail mail CD question) |
m (moved Talk:FIPS:FIPS Warnings and Cautions to Talk:FIPS Warnings and Cautions: Fixed page title) |
||
(2 intermediate revisions by one other user not shown) | |||
Line 4: | Line 4: | ||
I understood it to be the case that you CAN download it, but if you do you MUST verify the HMAC-SHA-1 digest with an independantly validated FIPS 140-2 product. Getting access to such a product may be very difficult for most people!! | I understood it to be the case that you CAN download it, but if you do you MUST verify the HMAC-SHA-1 digest with an independantly validated FIPS 140-2 product. Getting access to such a product may be very difficult for most people!! | ||
+ | |||
+ | Yes, difficult approximating impossible ... see the discussion in Section 6.6 of the [https://www.openssl.org/docs/fips/UserGuide-2.0.pdf FIPS Module User Guide]. That discussion summarizes an extensive dialog with the CMVP during which it became clear that no unassailably correct "download" solution was possible (at least for the OpenSSL FIPS Object Module which is held to a different standard than other validations).--[[User:Stevem|Stevem]] 23:25, 27 January 2014 (UTC) |
Latest revision as of 11:40, 12 March 2014
Distribution from Snail Mail CD[edit]
"You must use a source distribution file from an official snail-mailed CD."
I understood it to be the case that you CAN download it, but if you do you MUST verify the HMAC-SHA-1 digest with an independantly validated FIPS 140-2 product. Getting access to such a product may be very difficult for most people!!
Yes, difficult approximating impossible ... see the discussion in Section 6.6 of the FIPS Module User Guide. That discussion summarizes an extensive dialog with the CMVP during which it became clear that no unassailably correct "download" solution was possible (at least for the OpenSSL FIPS Object Module which is held to a different standard than other validations).--Stevem 23:25, 27 January 2014 (UTC)