[cryptography] Just how bad is OpenSSL ?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Oct 30 08:17:18 EDT 2012


Ben Laurie <ben at links.org> writes:
>On Tue, Oct 30, 2012 at 11:17 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>> Ben Laurie <ben at links.org> writes:
>>
>>>Apparently you think the best way to get a secure platform is to apply
>>>pressure through pointless security standards.
>>
>> I think that's a bit of an extreme comment on FIPS 140.  For one thing it
>> makes for a great measure of how desperate a vendor is to get onto the US
>> government procurement gravy train, so it does have some value.
>
>How can it be a great measure of that when OpenSSL has FIPS 140?

It's a perfect measure, it shows how desperate some vendors were to sell
OpenSSL (or OpenSSL-using products) to the USG.

Peter.


