<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div> <br> <div id="bloop_sign_1487720595914180096" class="bloop_sign"></div> <br><p class="airmail_on">On February 21, 2017 at 3:50:00 PM, Carl Brown (<a href="mailto:carlb@pobox.com">carlb@pobox.com</a>) wrote:</p> <div><blockquote type="cite" class="clean_bq" style="font-family: Helvetica, Arial; font-size: 13px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;"><span><div><span style="color: rgb(0, 0, 0); font-family: 'helvetica Neue', helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); float: none; display: inline !important;">at times, some random, non-technical person in purchasing is making decisions about which bids to disqualify based on a spreadsheet of features with column names like "FIPS compliance (native)" and "FIPS compliance (optional)". In that event, consultants and firms that want to use Swift to fulfill those contracts would have an easier time if OpenSSL was the default.</span></div></span></blockquote></div><p>per Gelareh's comment, FIPS mode would not be the default:</p><div><blockquote type="cite" style="font-family: Helvetica, Arial; font-size: 13px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; padding-left: 5px; border-left-width: 1px !important; border-left-color: rgb(0, 64, 128) !important;">but I would not think that it would be on by default. You are right that a large number of users this is not even a consideration.</blockquote></div><p>My argument is essentially: if the usage is so low that FIPS compliance will not be the default, and if OpenSSL is chosen for FIPS compliance, OpenSSL should not be the default either. Do you believe that there exists a large class of RFPs for which A) someone knows to enable FIPS mode, and B) someone does not know to choose OpenSSL? I believe that is an empty set.</p><div></div><div></div></body></html>