Difference between revisions of "Talk:FIPS Warnings and Cautions"

From OpenSSLWiki
Jump to: navigation, search
m (add signature)
(No difference)

Latest revision as of 11:40, 12 March 2014

Distribution from Snail Mail CD[edit]

"You must use a source distribution file from an official snail-mailed CD."

I understood it to be the case that you CAN download it, but if you do you MUST verify the HMAC-SHA-1 digest with an independantly validated FIPS 140-2 product. Getting access to such a product may be very difficult for most people!!

Yes, difficult approximating impossible ... see the discussion in Section 6.6 of the FIPS Module User Guide. That discussion summarizes an extensive dialog with the CMVP during which it became clear that no unassailably correct "download" solution was possible (at least for the OpenSSL FIPS Object Module which is held to a different standard than other validations).--Stevem 23:25, 27 January 2014 (UTC)