Security validation of OpenSSL encryption tool uncertain

[TheGesus <thegesus () gmail com>]

Seems to me this could have a ripple effect...

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001892&pageNumber=1

A joint U.S. and Canadian organization that certifies encryption tools
for use by federal government agencies has suspended its validation of
OpenSSL cryptographic technology for the second time in less than six
months.

The decision means that government agencies cannot purchase the
open-source tool for the time being, although those that have already
done so will still be allowed to use it. OpenSSL is an open-source
implementation of the Secure Sockets Layer (SSL) and Transport Layer
security protocols. It is widely used to encrypt and decrypt data on
the Internet.
...
"There are some vendors fighting like hell to make this die, and I can
see why," said Weathersby. "What's going on is the question of the
day. This is not a technology issue, this is a political issue."
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.