FIPS Module Specification: Difference between revisions

Line 26: Line 26:
|}
|}


<div class="note">'''Note''': Filename extensions depend upon the target operating environment. For some CPUs libfreebl3 is distributed in more than one variant. The optimal version is selected at run time.</div>
<div class=note>'''Note''': Filename extensions depend upon the target operating environment. For some CPUs libfreebl3 is distributed in more than one variant. The optimal version is selected at run time.</div>


The database code of the NSS module (Berkeley DB 1.85, in mozilla/dbm and mozilla/security/nss/lib/softoken/dbmshim.c) is excluded from the security requirements of FIPS 140-2 because the security-related information stored in the databases is either encrypted (e.g., secret and private cryptographic keys) or digitally signed (e.g., certificates and CRLs).
The database code of the NSS module (Berkeley DB 1.85, in mozilla/dbm and mozilla/security/nss/lib/softoken/dbmshim.c) is excluded from the security requirements of FIPS 140-2.
<div class=note>'''Rationale''': The security-related information stored in the databases is either encrypted (e.g., secret and private cryptographic keys) or digitally signed (e.g., certificates and CRLs). If the database code is malfunctioning or misused, the encryption of the secret and private cryptographic keys will ensure that they stay confidential, and the digital signatures on the public data (certificates and CRLs) will detect data corruption or malicious changes. Therefore, the malfunction or misuse of the database code cannot cause a compromise under any reasonable condition.</div>


The NSS module depends on the following libraries outside the cryptographic boundary.
The NSS module depends on the following libraries outside the cryptographic boundary.
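Review bot: The closing sentence of the new Rationale note, that malfunction or misuse of the database code "cannot cause a compromise under any reasonable condition", claims more than the two arguments before it support. Those arguments cover confidentiality of the encrypted secret and private keys, and detection of corruption or malicious changes to the signed certificates and CRLs. Suggest narrowing the conclusion to those two properties, and stating whether the databases hold any security-related item that is neither encrypted nor signed. Separately, the revised note divs use unquoted class=note where the earlier line used class="note"; keeping the quoted form would be consistent.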