OTC VOTE: DH Generation

Matt Caswell matt at openssl.org
Wed Nov 18 14:50:42 UTC 2020



On 03/11/2020 11:56, Matt Caswell wrote:
> The vote text is as follows:
> 
> topic: For DH Generation, the OTC accepts the following resolution:
> * Quad-state generation:
>   - PKCS #3;
>   - named groups only;
>   - FIPS 186-2 generation or
>   - FIPS 186-4 generation.
> * For default provider:
>   - change back to PKCS #3 generation as the default and
>   - allow changing to FIPS 186-2, FIPS 186-4 or named groups.
> * For FIPS provider:
>   - choose a known safe prime group as default (rejecting non-standard
> lengths) and
>   - allow a change to FIPS 186-4 generation.
> * For parameter validation in FIPS:
>   - accept if a named group;
>   - run FIPS 186-4 validation if DHX key, otherwise reject.
> * For key validation: if a named group, do just partial key validation.
> * For validation more generally, allow a validation mode to be set.

This vote has now closed:

accepted:  yes  (for: 7, against: 0, abstained: 2, not voted: 2)

Matt


