Re: OTC VOTE: RSA public exponent validation in 3.0
0 On Tue, 10 Aug 2021 12:54:19 +0200, Matt Caswell wrote: > > topic: RSA public exponent validation in 3.0 for the default provider > should be > consistent with 1.1.1 > Comment: See issue #16255 for background > Proposed by Matt Caswell > Public: yes > opened: 2021-08-10 > closed: 2021-mm-dd > accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T) > > Dmitry [ 0] > Matt [+1] > Pauli [ ] > Tim[+1] > Richard[ ] > Shane [+1] > Tomas [+1] > Kurt [ ] > Matthias [ ] > Nicola [-0] > -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/
Re: OTC VOTE: RSA public exponent validation in 3.0
This vote is now closed. accepted: yes (for: 4, against: 2, abstained: 3, not voted: 1) On 10/08/2021 11:54, Matt Caswell wrote: topic: RSA public exponent validation in 3.0 for the default provider should be consistent with 1.1.1 Comment: See issue #16255 for background Proposed by Matt Caswell Public: yes opened: 2021-08-10 closed: 2021-mm-dd accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T) Dmitry [ 0] Matt [+1] Pauli [ ] Tim [+1] Richard [ ] Shane [+1] Tomas [+1] Kurt [ ] Matthias [ ] Nicola [-0]
Re: OTC VOTE: RSA public exponent validation in 3.0
On Tue, Aug 10, 2021 at 11:54:19AM +0100, Matt Caswell wrote: > topic: RSA public exponent validation in 3.0 for the default provider should > be > consistent with 1.1.1 I think this is one of those conflicts between providing a general crypto library, and providing something that is secure by default. As far as I know, at least NIST recommends it to be bigger, and it's been adopted CA/Browser forum as requirement too. The vote is also about the default provider, I assume that the FIPS provider will enforce this both at creation and use time. I think that we should follow the recommendations, and at least enforce this by default for the creation of new keys. But it's not clear if this vote is just about creation, or also about using such a key. So I'm voting -1. Kurt
Re: OTC VOTE: RSA public exponent validation in 3.0
0 Pauli On 10/8/21 8:54 pm, Matt Caswell wrote: topic: RSA public exponent validation in 3.0 for the default provider should be consistent with 1.1.1 Comment: See issue #16255 for background Proposed by Matt Caswell Public: yes opened: 2021-08-10 closed: 2021-mm-dd accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T) Dmitry [ 0] Matt [+1] Pauli [ ] Tim [+1] Richard [ ] Shane [+1] Tomas [+1] Kurt [ ] Matthias [ ] Nicola [-0]
RE: OTC VOTE: RSA public exponent validation in 3.0
-1 > -Original Message- > From: openssl-project On Behalf Of Matt > Caswell > Sent: Tuesday, August 10, 2021 12:54 PM > To: openssl-project@openssl.org > Subject: OTC VOTE: RSA public exponent validation in 3.0 > > topic: RSA public exponent validation in 3.0 for the default provider > should be > consistent with 1.1.1 > Comment: See issue #16255 for background > Proposed by Matt Caswell > Public: yes > opened: 2021-08-10 > closed: 2021-mm-dd > accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T) > >Dmitry [ 0] >Matt [+1] >Pauli [ ] >Tim[+1] >Richard[ ] >Shane [+1] >Tomas [+1] >Kurt [ ] >Matthias [ ] >Nicola [-0] smime.p7s Description: S/MIME cryptographic signature
OTC VOTE: RSA public exponent validation in 3.0
topic: RSA public exponent validation in 3.0 for the default provider should be consistent with 1.1.1 Comment: See issue #16255 for background Proposed by Matt Caswell Public: yes opened: 2021-08-10 closed: 2021-mm-dd accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T) Dmitry [ 0] Matt [+1] Pauli [ ] Tim[+1] Richard[ ] Shane [+1] Tomas [+1] Kurt [ ] Matthias [ ] Nicola [-0]