NSS (the crypto library used in Firefox, and some Red Hat and Sun products) is open-source, and FIPS-140 level 2 certified:
http://www.mozilla.org/projects/security/pki/nss/fips/
If you implement an application such as disk encryption using NSS for crypto, you'd be able to claim that it was FIPS 140 compliant. But, as far as I know, no such application currently exists.
FIPS 140 is a US government standard for cryptographic implementations. Federal agencies/departments purchasing software with cryptography are required to buy FIPS-140 validated solutions if they exist.
But, it's not only federal government. It's really the only such standard in the US, and so anyone looking for some product which has gone through some type of validation (such as financial industry) will probably require FIPS-140 validation.
Disclosure: I'm the Principal Engineer for Red Hat Certificate System. (Previously known as Netscape Certificate Management System).
Our product is fairly widely deployed. For example, every single one of the 18+ million Certificates issued from the US Dept of Defense CAC (smartcard) deployment uses our Certificate Authority. There are many other deployments within the Federal government also.
In addition, someone mentioned Geotrust. Geotrust built their certificate issuance service on top of our certificate authority, so of course I think very highly of them.
Our product is an enterprise-class (meaning hugely scalable, and fault tolerant), full-featured, mature product, written by engineers with many years' experience in the PKI field.
But, I would like to turn the question around - If you haven't deployed a PKI yet, what is stopping you?
As an example, one of the deployment-blockers we found in the past few years was the poor integration PKI management systems (Certificate Authorities) had with Smartcard Management Systems. So, we engineered a smartcard management system, and bundled it into the Certificate System at no extra cost.
What applications would people like to see PKI-enabled that aren't already?
And since I'm a Red Hat employee now, I am constantly thinking about integration with Red Hat Enterprise Linux and Fedora - so, what changes would you want to see happen?
See http://directory.fedora.redhat.com/wiki/Mod_nss for more details.
You can send feedback to developers via the Mozilla NSS newsgroup: http://groups.google.com/group/mozilla.dev.tech.crypto?lnk=lr&hl=en