I don't think this is entirely accurate. Apple will, in all likelihood, submit the CommonCrypto modules for FIPS 140-2 validation. If I recall correctly, these should be the underbelly for both iOS and Lion encryption. The modules themselves are what Apple gets validated, not the user-exposed features that leverage them. FileVault2 is simply a consumer of them, as would be SSH or an SSL engine for Apache or the IPSec implementation.
What you will eventually need is (a) the FIPS certificate for the CommonCrypto modules and (b) official documentation from Apple stating exactly what features of the OS rely on the CommonCrypto modules. You can state a feature is "FIPS validated" if you can attest that it relies solely on validated modules. Consider how OpenSSH and OpenSSL get FIPS validation by relying on specific modules that received a FIPS certificate. OpenSSH and OpenSSL were not submitted for validation. The crypto modules they use were submitted. Check the certificate on the CMVP website.
-- Walter Rowe, System Hosting Enterprise Systems / OISM 301-975-2885