OTC VOTE: DH Generation
Matt Caswell
matt at openssl.org
Wed Nov 18 14:50:42 UTC 2020
On 03/11/2020 11:56, Matt Caswell wrote:
> The vote text is as follows:
>
> topic: For DH Generation, the OTC accepts the following resolution:
> * Quad-state generation:
>   - PKCS #3;
>   - named groups only;
>   - FIPS 186-2 generation or
>   - FIPS 186-4 generation.
> * For default provider:
>   - change back to PKCS #3 generation as the default and
>   - allow changing to FIPS 186-2, FIPS 186-4 or named groups.
> * For FIPS provider:
>   - choose a known safe prime group as default (rejecting non-standard
>     lengths) and
>   - allow a change to FIPS 186-4 generation.
> * For parameter validation in FIPS:
>   - accept if a named group;
>   - run FIPS 186-4 validation if DHX key, otherwise reject.
> * For key validation: if a named group, do just partial key validation.
> * For validation more generally, allow a validation mode to be set.
This vote has now closed:
accepted: yes (for: 7, against: 0, abstained: 2, not voted: 2)
Matt