____/ nessuno@xxxxxxxxxxxxxxxxxxx on Wednesday 12 September 2007 16:27 : \____
> <Quote>
> When the Open Source Software Institute (OSSI) sought Federal
> Information Processing Standards (FIPS) 140-2 validation for its
> OpenSSL toolkit last year, it was anything but smooth sailing. In
> fact, the whole process took so long that by the time it eventually
> wound its way through the validation process, it was already
> technically outdated.
>
> FIPS validation of OpenSSL, an open source toolkit that allows
> programs to securely exchange data in the same fashion as proprietary
> versions of Secure Sockets Layer encryption, is crucial in order for
> governmental agencies like the Department of Defense...
>
> [Long delays in validation of OpenSSL. Why?]
>
> The primary reason for the lengthy process was a steep learning curve
> after a new testing method was developed to ensure the security of the
> software. Midway through the validation process, however, the testing
> agency received anonymous complaints about the validity of the code
> base, resulting in a long suspension of the project's validation while
> an investigation was launched. OpenSSL was eventually revalidated.
> Weathersby says the OSSI has reason to believe the complaints came
> from proprietary vendors hoping to initiate a FUD campaign that would
> create doubt in the minds of government agencies who were considering
> using OpenSSL as a data exchange solution.
>
> [Who do you suppose would do a thing like that? Surely not some
> monopolistic corporation that is so sure of the quality of its
> products that it welcomes competition....they wouldn't stoop to using
> anonymous, cowardly, nymshifting FUD campaigns, would they?]
>
> [They've submitted an updated version, don't expect so much trouble
> this time. The quality of the testing process is very high, and....]
>
> "Second, the CMVP put their foot down regarding a lot of the sniping
> we endured from outside sources during the first go around...."
> </Quote>
>
> http://www.linux.com/feature/119134

This was actually the second Linux.com article about the OpenSSL FUD. They used
to call it 'commie code' to even associate this with politics.

You know what's worse? It's not just Linux and Free software anymore. For a
year or so, Microsoft has used proxies to attack Google over privacy
(Microsoft is by far the biggest offender in that department). More recently,
it used its proxies to attack Google Apps. It used FUD like "your career will
be hurt if you rely on Google."

It's bad enough when a government starts Big Lie propaganda. It's even worse
when a monopolistic business can do this while the government does not
care. "Get the Facts" is apparently banned in the UK, but not in America.

--
~~ Best of wishes
Roy S. Schestowitz | WARNING: /dev/null running out of space
http://Schestowitz.com | GNU is Not UNIX | PGP-Key: 0x74572E8E
http://iuron.com - proposing a non-profit search engine