On Tue, Aug 10, 2021 at 11:54:19AM +0100, Matt Caswell wrote:
> topic: RSA public exponent validation in 3.0 for the default provider should be
> consistent with 1.1.1

I think this is one of those conflicts between providing a general crypto library, and providing something that is secure by default.

As far as I know, at least NIST recommends it to be bigger, and it's been adopted by the CA/Browser Forum as a requirement too.

The vote is also about the default provider; I assume that the FIPS provider will enforce this both at creation and use time.

I think that we should follow the recommendations, and at least enforce this by default for the creation of new keys. But it's not clear if this vote is just about creation, or also about using such a key.

So I'm voting -1.

Kurt