The on-again, off-again status of OpenSSL Certificate 642’s validation by the National Institute of Standards and Technology seems to be coming to a conclusion as abruptly as it began.
“The validation was [originally] suspended because anonymous vendors filed extensive complaints,” said Weathersby. He thinks the companies that filed the complaints “have proprietary products of their own and this validation would threaten their business model. That validation is a barrier to entering this market if your product doesn’t have it.”
Excuse me? This is reason to revoke certification?
…looks like there are some evil hands brewing this soup…I don’t like it.
This is an OUTRAGE IMHO.
I don’t see how they can justify pulling the plug like that on OpenSSL. I’m willing to bet that NIST received a HEFTY sum of money from the “anonymous vendors”.
And this has always been the case. Think OS/2 to some degree…..
–ZaNkY
..I don’t see why validation from NIST is so vital. Any IT manager worth his salt should know what OpenSSH is worth, security-wise.
It could also be argued that any IT manager would know that OpenSSL != OpenSSH
“Excuse me? This is reason to revoke certification?”
“This is an OUTRAGE IMHO.”
He said he thinks…he isn’t sure. Don’t jump to conclusions until it is known why. In the long run it really doesn’t matter anyway because it’s up for recertification.
A lot of governments and large corporations require it in order for the product to be listed on the procurement/vendor lists.
“A lot of governments and large corporations require it in order for the product to be listed on the procurement/vendor lists.”
I think you mean “American government and some American companies” because, frankly, most other countries have their own certification agencies who don’t really care much about what NIST does and non-American companies really don’t care about NIST either.
Not that being NIST certified hurts but it’s not all that important in the end.
There’s a lot more than a single government in the US (municipal, state, federal), hence “governments”.
A lot of “American” companies are also multi-nationals. And with that horrid NAFTA thing, some Canadian and Mexican companies are also pressured to follow a lot of American rules.
“A lot of “American” companies are also multi-nationals.”
That doesn’t really matter though since you have to follow the local regulations in the countries you operate in. U.S. standards aren’t magically applied to other countries.
“And with that horrid NAFTA thing, some Canadian and Mexican companies are also pressured to follow a lot of American rules.”
Ok, so that’s 3 countries, more or less. Not an awful lot on a global scale.