Background to the vote: The OTC meeting today had an extensive discussion on the issues raised in PR #13228. The code in master uses FIPS186-4 for key and parameter generation by default. In 1.1.1 and before we used PKCS#3 generation. This causes a number of backwards compatibility breaks as discussed in that PR.

The proposed solution that was discussed is to support a number of different modes for parameter generation:

- PKCS#3
- PKCS#3 compatible named groups (e.g. "generating" parameters for 2048 bit DH would actually just select an existing 2048-bit named group based on safe primes that is compatible for use with PKCS#3 DH)
- FIPS186-2
- FIPS186-4

In the default provider we would default to using PKCS#3 generation for the DH key type, whilst in the FIPS provider we would use PKCS#3 compatible named groups.

For parameter validation we will similarly allow a validation mode to be set depending on whether we are expecting PKCS#3, PKCS#3 compatible named groups, FIPS186-4 etc.

The vote text is as follows:

topic: For DH Generation, the OTC accepts the following resolution:

* Quad-state generation:
  - PKCS #3;
  - named groups only;
  - FIPS 186-2 generation or
  - FIPS 186-4 generation.
* For default provider:
  - change back to PKCS #3 generation as the default and
  - allow changing to FIPS 186-2, FIPS 186-4 or named groups.
* For FIPS provider:
  - choose a known safe prime group as default (rejecting non-standard lengths) and
  - allow a change to FIPS 186-4 generation.
* For parameter validation in FIPS:
  - accept if a named group;
  - run FIPS 186-4 validation if DHX key, otherwise reject.
* For key validation: if a named group, do just partial key validation.
* For validation more generally, allow a validation mode to be set.

Proposed by Matt Caswell
Public: yes
opened: 2020-11-03
closed: 2020-mm-dd
accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T)

Matt [+1]
Mark [ ]
Pauli [+1]
Viktor [ ]
Tim [+1]
Richard [ 0]
Shane [+1]
Tomas [+1]
Kurt [+1]
Matthias [ 0]
Nicola [+1]