Date: Thu, 8 Apr 1999 14:58:52 GMT
Message-Id: <199904081458.OAA08874@web1.java.sun.com>
From: <marcel.gingras@pwgsc.gc.ca>
To: java-security@java.sun.com, webmaster@java.sun.com,
Subject: JSECURITY Issue: Question on FIPS crypto module certification
Name: Marcel Gingras
Email: marcel.gingras@pwgsc.gc.ca
Organization: Canadian Federal Government
Phone Number: (819) 956-0965
Location: North America
System: Win95
Referring URL: http://www.javasoft.com/nav/developer/index.html
Browser: Netscape
Browser Version: 4
I am a software architect working for the Canadian federal government. My department (Public Works and Government Services Canada) runs the government-wide PKI, which is based on Entrust products.
Our PKI policies state that we must use FIPS-approved cryptographic modules. There is no indication at NIST that any Java products have ever been tested or certified. We have some keen Java developers on-site, but we currently seem to be barred from developing a secure, PKI-based system due to this lack of certification. Does Sun have any intention of getting any of its crypto modules certified on any platforms?