Linked by Thom Holwerda on Tue 25th Jul 2006 11:53 UTC, submitted by lh8
Privacy, Security, Encryption
The on-again, off-again status of OpenSSL Certificate 642's validation by the National Institute of Standards and Technology seems to be coming to a conclusion as abruptly as it began.
double u tee eff
by bhearsum on Tue 25th Jul 2006 07:26 UTC
bhearsum
Member since:
2006-02-07

"The validation was [originally] suspended because anonymous vendors filed extensive complaints," said Weathersby. He thinks the companies that filed the complaints "have proprietary products of their own and this validation would threaten their business model. That validation is a barrier to entering this market if your product doesn't have it."

Excuse me? This is reason to revoke certification?

Reply Score: 5

Hmm...
by 1c3d0g on Tue 25th Jul 2006 07:34 UTC
1c3d0g
Member since:
2005-07-06

...looks like there are some evil hands brewing this soup...I don't like it. ;)

Reply Score: 2

Outrage
by ZaNkY on Tue 25th Jul 2006 08:30 UTC
ZaNkY
Member since:
2005-10-18

This is an OUTRAGE IMHO.

I don't see how they can justify pulling the plug like that on OpenSSL. I'm willing to bet that NIST received a HEFTY sum of money from the "anonymous vendors".

And this has always been the case. Think OS/2 to some degree.....

--ZaNkY

Reply Score: 2

On the other hand...
by Ronald Vos on Tue 25th Jul 2006 08:44 UTC
Ronald Vos
Member since:
2005-07-06

..I don't see why validation from NIST is so vital. Any IT manager worth his salt should know what OpenSSH is worth, security-wise.

Reply Score: 4

RE: On the other hand...
by Havin_it on Tue 25th Jul 2006 15:22 UTC in reply to "On the other hand..."
Havin_it
Member since:
2006-03-10

It could also be argued that any IT manager would know that OpenSSL != OpenSSH ;)

Reply Score: 3

Conclusion jumping
by aesiamun on Tue 25th Jul 2006 09:00 UTC
aesiamun
Member since:
2005-06-29

"Excuse me? This is reason to revoke certification?"
"This is an OUTRAGE IMHO."

He said he thinks...he isn't sure. Don't jump to conclusions until it is known why. In the long run it really doesn't matter anyway because it's up for recertification.

Reply Score: 2

RE: On the other hand...
by phoenix on Tue 25th Jul 2006 14:46 UTC
phoenix
Member since:
2005-07-11

A lot of governments and large corporations require it in order for the product to be listed on the procurement/vendor lists.

Reply Score: 4

RE[2]: On the other hand...
by Soulbender on Tue 25th Jul 2006 22:25 UTC
Soulbender
Member since:
2005-08-18

"A lot of governments and large corporations require it in order for the product to be listed on the procurement/vendor lists."

I think you mean "American government and some American companies" because, frankly, most other countries have their own certification agencies who don't really care much about what NIST does and non-American companies really don't care about NIST either.
Not that being NIST certified hurts but it's not all that important in the end.

Reply Score: 2

RE[3]: On the other hand...
by phoenix on Wed 26th Jul 2006 18:18 UTC
phoenix
Member since:
2005-07-11

There's a lot more than a single government in the US (municipal, state, federal), hence "governments".

A lot of "American" companies are also multi-nationals. And with that horrid NAFTA thing, some Canadian and Mexican companies are also pressured to follow a lot of American rules.

Reply Score: 2

RE[4]: On the other hand...
by Soulbender on Thu 27th Jul 2006 07:27 UTC
Soulbender
Member since:
2005-08-18

"A lot of "American" companies are also multi-nationals."

That doesn't really matter though since you have to follow the local regulations in the countries you operate in. U.S. standards aren't magically applied to other countries.

"And with that horrid NAFTA thing, some Canadian and Mexican companies are also pressured to follow a lot of American rules."
Ok, so that's 3 countries, more or less. Not an awful lot on a global scale ;)

Reply Score: 1