OTC VOTE: EVP_PKEY private/public key components
Kurt Roeckx
kurt at roeckx.be
Sun Nov 15 21:36:54 UTC 2020
On Tue, Nov 03, 2020 at 12:11:27PM +0000, Matt Caswell wrote:
>
> The proposal discussed was that while relaxing the conceptual model,
> most of the existing implementations would still require both. The EC
> implementation would be relaxed however. This essentially gives largely
> compatible behaviour between 1.1.1 and 3.0.
>
> The vote text is as follows:
>
> topic: For 3.0 EVP_PKEY keys, the OTC accepts the following resolution:
> * relax the conceptual model to allow private keys to exist without public
> components;
> * all implementations apart from EC require the public component to be
> present;
> * relax implementation for EC key management to allow private keys that
> do not
> contain public keys and
> * our decoders unconditionally generate the public key (where possible).
>
> Proposed by Matt Caswell
> Public: yes
> opened: 2020-11-03
> closed: 2020-mm-dd
> accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T)
So I think being compatible with what 1.1.1 does is important.
And what the text does is try to make rules for what 1.1.1 does,
but as far as I understand it, it's not really describing what
1.1.1 does.
I think we should just fix the regressions. For fixing the
regressions we don't need a vote. You can argue that that would
violate some rule or model that some people think we have, but
clearly we didn't have it.
So I'm voting -1.
Kurt
More information about the openssl-project
mailing list