[IDS] 6/18 teleconference call minutes

Randy Turner rturner at amalfisystems.com
Fri Jun 19 00:14:06 UTC 2009


Hi All,

I noticed in the meeting minutes from the 6/18 teleconference that  
there was a discussion on vendor-specific attributes - these are  
definitely handled by a vendor-specific plug-in, however, in the case  
of the attribute HCD_Certification_State, we may be able to draw on how the  
OpenSSL project handles a similar value.

For FIPS 140-2 certification, a specific version of source code was  
submitted, including instructions for how to build a "FIPS" version of  
the codebase.

In addition, a SHA-1 fingerprint for this specific set of source code  
is generated - source code fingerprints are fairly common for  
security-related open source projects.

In addition, during the build process, the individual object files are  
fingerprinted as well.

There is an additional integrity check performed at runtime.

So there is a source-level, link-time, and runtime verification  
performed to make sure that the code that is compiled, built, and run,  
is the exact same code that was certified by the FIPS laboratory.

The runtime check is made by the code calling fips_mode_set(), and the  
compiler/build-system must be able to order the OpenSSL FIPS code  
always in the same order (with respect to relocatable addresses), so  
that the runtime fingerprint generated by the FIPS Lab is the same as  
is generated each time the code runs.

The value of the FIPS fingerprint could be an example of the  
HCD_Certification_State value.

This is a concrete example of how we might think of the  
HCD_Certification_State attribute.

Comments?

Randy
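
An added illustration of the three checks described in the message above (not code from the original post or from OpenSSL): reference fingerprints are recorded at the source, object-file, and runtime stages, and the runtime value is returned as a candidate HCD_Certification_State only when all three match. Assumptions: SHA-1 is used at every stage (the message names it only for the source fingerprint), the linker is modelled as plain concatenation in link order, and all file names, byte strings, and function names are constructed for the example.

```python
import hashlib
import hmac

# Constructed stand-ins for a certified source tree and its compiled objects.
SOURCE_FILES = {"fips_a.c": b"int a(void){return 1;}\n",
                "fips_b.c": b"int b(void){return 2;}\n"}
OBJECTS = {"fips_a.o": b"\x55\x89\xe5\xb8\x01", "fips_b.o": b"\x55\x89\xe5\xb8\x02"}
LINK_ORDER = ["fips_a.o", "fips_b.o"]  # order fixed by the certified build


def sha1(data):
    return hashlib.sha1(data).hexdigest()


def source_fingerprint(files):
    """One fingerprint over the whole source set, name-sorted so it is stable."""
    h = hashlib.sha1()
    for name in sorted(files):
        for part in (name.encode(), files[name]):
            h.update(len(part).to_bytes(8, "big") + part)  # length-prefixed
    return h.hexdigest()


def link_image(objects, order):
    """Stand-in for the linker (assumption): lay objects out in the given order."""
    return b"".join(objects[name] for name in order)


def certify(files, objects, order):
    """What the lab would record: one reference value per stage."""
    return {"source": source_fingerprint(files),
            "objects": {n: sha1(o) for n, o in objects.items()},
            "runtime": sha1(link_image(objects, order))}


def certification_state(reference, files, objects, order):
    """Return the runtime fingerprint if all three stages match, else None."""
    if not hmac.compare_digest(source_fingerprint(files), reference["source"]):
        return None
    if set(objects) != set(reference["objects"]):
        return None
    for name, blob in objects.items():
        if not hmac.compare_digest(sha1(blob), reference["objects"][name]):
            return None
    runtime = sha1(link_image(objects, order))
    return runtime if hmac.compare_digest(runtime, reference["runtime"]) else None


REFERENCE = certify(SOURCE_FILES, OBJECTS, LINK_ORDER)
```

Passing the same objects in a different link order leaves every per-object fingerprint intact but changes the runtime fingerprint, which is why the build system has to place the code in the same order every time.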


