Thursday, February 23, 2006
Thursday, February 09, 2006
NSS and FIPS 140
Here's a little crypto news that's been on my mind lately.
The NSS crypto libraries, the first FIPS-validated open-source crypto implementation, are now well on their way to completing their 4th round of FIPS 140 (Level 2) validation. On 1/20/2006 we received the certificates from NIST for AES, Triple DES, SHS, and HMAC.
This is an important milestone. We'll use the FIPS version of NSS in upcoming versions of Red Hat products like the Directory Server and Certificate System. We will also use these libraries in upcoming versions of Firefox and Thunderbird, allowing people in the U.S. Government to upgrade from older versions of the Netscape products (like Netscape Communicator 4.7 in some cases!).
I went through some old docs a few days ago, and was reminded that NSS received its first validation in 1997 as part of the Netscape products. In 2001 we open sourced NSS (after the U.S. export regs changed and the RSA patent expired). In that same year NSS also received its second round of FIPS 140 Level 2 validation, the first as an open source product.
If you've read this far, these links might interest you:
http://wiki.mozilla.org/FIPS_Validation
http://www.mozilla.org/projects/security/pki/nss/fips/
http://www.mozilla.org/projects/security/pki/nss/overview.html
