<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div> <br> <div id="bloop_sign_1487721020033495040" class="bloop_sign"></div> <br><p class="airmail_on">On February 21, 2017 at 3:59:13 PM, Gelareh Taban (<a href="mailto:gtaban@us.ibm.com">gtaban@us.ibm.com</a>) wrote:</p> <div><blockquote type="cite" class="clean_bq" style="font-family: Helvetica, Arial; font-size: 13px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;"><span><div><span style="color: rgb(0, 0, 0); font-family: 'helvetica Neue', helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); float: none; display: inline !important;">- Having a compliance tick mark helps Swift adoption in the larger ecosystem, esp if similar guarantees can be made on both macOS and Linux platforms.</span></div></span></blockquote></div><p>I may be misreading something, but I think this guarantee is not even made.</p><p>Per [0], the validation is issued for various configurations with names like "Ubuntu 10.04 running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)" which is, as far as I'm aware, not a supported configuration for Swift. Which of the validated configurations do we intend to support?</p><p>Second, my understanding is that the FIPS-validated OpenSSL is not even packaged by e.g. Ubuntu, in part due to the backdoor concerns I raised earlier [1]. Do we intend to package the FIPS module ourselves and distribute to the supported platforms? Or what exactly is a user's path to running a FIPS-validated module? Because `apt-get install openssl`does not tick the box.</p><p>[0] http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747</p><p>[1] https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/95001</p><p>Drew</p></body></html>