MIT Kerberos - FIPS Validation

Paul Moore paul.moore at
Fri Nov 20 13:32:06 EST 2009

there are no details there regarding what plans you have for FIPS

Can you please state

- exactly what bits you will have certified (if any) (specific
libraries, entire client side package, kdc, entire server side package,
- what changes will be made to those bits in order to be compliant

-----Original Message-----
From: krbdev-bounces at [mailto:krbdev-bounces at] On Behalf
Of Zhanna Tsitkova
Sent: Wednesday, September 16, 2009 7:57 PM
To: Thomas Harning Jr.; krbdev at
Subject: RE: MIT Kerberos - FIPS Validation

It is work in progress.  Please, see Crypto Modularity proj @ 

From: krbdev-bounces at MIT.EDU [krbdev-bounces at MIT.EDU] On Behalf Of
Thomas Harning Jr. [thomas.harning at]
Sent: Wednesday, September 16, 2009 2:47 PM
To: krbdev at
Subject: MIT Kerberos - FIPS Validation

Just wondering, has there been any work to make a FIPS-validated MIT
Kerberos client implementation?

I'm guessing that there is some built-in crypto in MIT Kerberos, or do
I have that wrong?  If the crypto is not built-into MIT Kerberos
client, is it implemented by OpenSSL or some other cryptography

Thomas Harning Jr.
krbdev mailing list             krbdev at

krbdev mailing list             krbdev at

More information about the krbdev mailing list