On Fri, Aug 26, 2022 at 2:25 AM Jilayne Lovejoy <[email protected]> wrote: > > We were careful on the move, and I don't recall anything of this sort. I > searched on the wiki, and seems we may have missed some legal-related > pages, as here it is: https://fedoraproject.org/wiki/Legal:ECC
Yes, this is what I was looking for, thanks. I couldn't find it myself. > That being said, looks like that was last updated 3 years ago, so not > sure if there have been changes since then? It would be good to know whether there's actually still any elliptic curves that we can *not* ship. For example, the package for nettle still removes secp224r1 and secp192r1 from its sources. At least the former no longer seems to be correct, since it's listed as acceptable, and also used by OpenSSL. > Between this email thread and others related, I'm not clear on what the > exact question is in terms of what it is that hasn't been allowed and is > being asked to allow? I think it would be good to know: - Is secp192r1 still not acceptable, or can it be included in nettle now? - Are other elliptic curves acceptable as well? I see questions on this list about brainpool curves, which are apparently mandated by some German government agencies now. - Are there actually any elliptic curves that are still *not* considered acceptable? I.e. could the "hobble" logic be dropped from nettle and openssl entirely? Fabio _______________________________________________ legal mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
