[Openswan dev] any plans to get FIPS certification?
Tyler Hicks
tyhicks at linux.vnet.ibm.com
Fri Oct 3 16:42:12 EDT 2008
Paul Wouters wrote:
> On Thu, 2 Oct 2008, Knoke, Jim wrote:
>
>> For all the crypto and RNG algorithms used for IPsec?
>
> RNG should already be FIPS-140 compliant if you run the rngd.
>
>> Or any other suggestions for how to get a FIPSed, open source IPsec
>> solution going on Linux?
>
> There is an effort on its way to use fips certified libraries for crypto
> related calls (gnutls or openssl). Contact me for more information.
Hey Paul - Have you put any consideration into NSS? It is FIPS
certified (http://www.mozilla.org/projects/security/pki/nss/fips/) and
it looks like it will be the crypto solution in the Linux Standard Base
version 4.0 (http://ldn.linuxfoundation.org/node/5576). According to
the roadmap, LSB 4.0-Beta1 is supposed to be released today, but I don't
see it yet.
Tyler Hicks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
Url : http://lists.openswan.org/pipermail/dev/attachments/20081003/b59161a0/attachment.bin
More information about the Dev
mailing list