Vote proposal: Private keys can exist independently of public keys

Matt Caswell matt at openssl.org
Wed Oct 7 11:29:10 UTC 2020


Issue #12612 exposes a problem with how we handle keys that contain
private components but not public components.

There is a widespread assumption in the code that keys with private
components must have public components. There is text in our public
documentation that states this (and that text dates back to 2006).

OTOH, the code has not always enforced this. Issue #12612 describes a
scenario where this has not historically been enforced, and it now is in
the current 3.0 code, causing a regression.

There are differences of opinion on how this should be handled. Some
have the opinion that we should change the model so that we explicitly
allow private keys to exist without the public components. Others feel
that we should continue with the old model.

It seems we need a vote to decide this. Here is my proposed vote text:

We should change the 3.0 code to explicitly allow private components to
exist in keys without the public components also being present.

Feedback please on the proposed vote text.

Matt


More information about the openssl-project mailing list