OTC VOTE: Keeping API compatibility with missing public key

Dr. Matthias St. Pierre Matthias.St.Pierre at ncp-e.com
Mon Dec 7 11:21:00 UTC 2020


+1

> -----Original Message-----
> From: openssl-project <openssl-project-bounces at openssl.org> On Behalf Of Matt Caswell
> Sent: Monday, December 7, 2020 10:46 AM
> To: openssl-project at openssl.org
> Subject: Re: OTC VOTE: Keeping API compatibility with missing public key
> 
> +1
> 
> On 04/12/2020 12:45, Tomas Mraz wrote:
> > Vote background
> > ---------------
> >
> > The vote on relaxing the conceptual model in regards to required public
> > component for EVP_PKEY has passed with the following text:
> >
> > For 3.0 EVP_PKEY keys, the OTC accepts the following resolution:
> > * relax the conceptual model to allow private keys to exist without
> > public components;
> > * all implementations apart from EC require the public component to be
> > present;
> > * relax implementation for EC key management to allow private keys that
> > do not contain public keys and
> > * our decoders unconditionally generate the public key (where
> > possible).
> >
> > However since then the issue 13506 [1] was reported.
> >
> > During OTC meeting we concluded that we might need to relax also other
> > public key algorithm implementations to allow private keys without
> > public component.
> >
> > Vote
> > ----
> >
> > topic: For 3.0 EVP_PKEY keys all algorithm implementations that were usable
> >        with 1.1.1 EVP_PKEY API or low level APIs without public component must
> >        stay usable.
> >
> >        This overrules the
> >          * all implementations apart from EC require the public component to be present;
> >        part of the vote closed on 2020-11-17.
> >
> > Proposed by Tomas Mraz
> > Public: yes
> > opened: 2020-12-04
> >
> > Tomas Mraz
> >
> >

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7494 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-project/attachments/20201207/4ce931c1/attachment-0001.bin>


More information about the openssl-project mailing list