[Openswan dev] any plans to get FIPS certification?

Tyler Hicks tyhicks at linux.vnet.ibm.com
Fri Oct 3 16:42:12 EDT 2008


Paul Wouters wrote:
> On Thu, 2 Oct 2008, Knoke, Jim wrote:
> 
>> For all the crypto and RNG algorithms used for IPsec?
> 
> RNG should already be FIPS-140 compliant if you run the rngd.
> 
>> Or any other suggestions for how to get a FIPSed, open source IPsec
>> solution going on Linux?
> 
> There is an effort on its way to use fips certified libraries for crypto
> related calls (gnutls or openssl). Contact me for more information.

Hey Paul - Have you put any consideration into NSS?  It is FIPS
certified (http://www.mozilla.org/projects/security/pki/nss/fips/) and
it looks like it will be the crypto solution in the Linux Standard Base
version 4.0 (http://ldn.linuxfoundation.org/node/5576).  According to
the roadmap, LSB 4.0-Beta1 is supposed to be released today, but I don't
see it yet.

Tyler Hicks

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
Url : http://lists.openswan.org/pipermail/dev/attachments/20081003/b59161a0/attachment.bin 


More information about the Dev mailing list