OTC VOTE: DH Generation

Matt Caswell matt at openssl.org
Tue Nov 3 11:56:33 UTC 2020


Background to the vote:

The OTC meeting today had an extensive discussion on the issues raised
in PR #13228. The code in master uses FIPS186-4 for key and parameter
generation by default. In 1.1.1 and before we used PKCS#3 generation.
This causes a number of backwards compatibility breaks as discussed in
that PR.

The proposed solution that was discussed is to support a number of
different modes for parameter generation:
- PKCS#3
- PKCS#3 compatible named groups (e.g. "generating" parameters for 2048
bit DH would actually just select an existing 2048-bit named group based
on safe primes that is compatible for use with PKCS#3 DH)
- FIPS186-2
- FIPS186-4

In the default provider we would default to using PKCS#3 generation for
the DH key type, whilst in the FIPS provider we would use PKCS#3
compatible named groups.

For parameter validation we will similarly allow a validation mode to be
set depending on whether we are expecting PKCS#3, PKCS#3 compatible
named groups, FIPS186-4 etc.

The vote text is as follows:

topic: For DH Generation, the OTC accepts the following resolution:
* Quad-state generation:
  - PKCS #3;
  - named groups only;
  - FIPS 186-2 generation or
  - FIPS 186-4 generation.
* For default provider:
  - change back to PKCS #3 generation as the default and
  - allow changing to FIPS 186-2, FIPS 186-4 or named groups.
* For FIPS provider:
  - choose a known safe prime group as default (rejecting non-standard
lengths) and
  - allow a change to FIPS 186-4 generation.
* For parameter validation in FIPS:
  - accept if a named group;
  - run FIPS 186-4 validation if DHX key, otherwise reject.
* For key validation: if a named group, do just partial key validation.
* For validation more generally, allow a validation mode to be set.

Proposed by Matt Caswell
Public: yes
opened: 2020-11-03
closed: 2020-mm-dd
accepted:  yes/no  (for: X, against: Y, abstained: Z, not voted: T)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [ 0]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [ 0]
  Nicola     [+1]
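The key-validation item in the resolution (partial validation only for named groups) can be illustrated as follows; this is an added example, not part of the original message and not OpenSSL code. Both toy groups and all function names are constructed for illustration, and falling back to full validation for non-named groups is an assumption of the sketch.

```python
# Added illustration, not OpenSSL code. Both groups are constructed toy
# parameters, far too small for real use.
SAFE_P, SAFE_Q = 1019, 509   # safe prime: p = 2q + 1 (stands in for a named group)
FIPS_P, FIPS_Q = 607, 101    # p = 6q + 1: cofactor 6 leaves an order-3 subgroup

def is_prime(n):
    """Trial division; adequate for the toy sizes used here."""
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def partial_validate(y, p):
    """Partial public-key validation: range check 2 <= y <= p - 2 only."""
    return 2 <= y <= p - 2

def full_validate(y, p, q):
    """Range check plus subgroup membership test y^q mod p == 1."""
    return partial_validate(y, p) and pow(y, q, p) == 1

def order(y, p):
    """Multiplicative order of y modulo p by brute force (toy sizes only)."""
    k, acc = 1, y % p
    while acc != 1:
        acc, k = acc * y % p, k + 1
    return k

def smallest_order_accepted(p):
    """Smallest subgroup order among values that pass the partial check."""
    return min(order(y, p) for y in range(2, p - 1))

def validate_public_key(y, p, q, named_group):
    """Rule from the vote text for named groups; falling back to full
    validation for other groups is an assumption of this sketch."""
    return partial_validate(y, p) if named_group else full_validate(y, p, q)

if __name__ == "__main__":
    assert all(is_prime(n) for n in (SAFE_P, SAFE_Q, FIPS_P, FIPS_Q))
    print("safe-prime group, smallest accepted order:", smallest_order_accepted(SAFE_P))
    print("cofactor-6 group, smallest accepted order:", smallest_order_accepted(FIPS_P))
    low = [y for y in range(2, FIPS_P - 1) if order(y, FIPS_P) == 3]
    print("order-3 values passing the partial check:", low)
    print("rejected by full validation:", [not full_validate(y, FIPS_P, FIPS_Q) for y in low])
```

In the safe-prime group the range check already excludes the only elements of order 1 and 2, so every accepted value has order q or 2q; in the cofactor-6 group the same check lets order-3 values through, and only the y^q test rejects them.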


