On Mon Jun 4, Tristan Santore wrote:
> this was answered 3 months ago.
> To reiterate I will post Tom's response.
>
> > Fedora is legally part of Red Hat, and Red Hat has certain legal
> > obligations it is required to adhere to, based on the fact that it is a
> > US Company.
> >
> > Elliptic Curve Cryptography is currently being reviewed. At this point
> > in time, it must not be included or enabled in Fedora.

Has there been any progress on that since then? This is also blocking the inclusion of GnuTLS v3; we're currently shipping 2.12 which is a year out of date and lacking some important features and fixes.

The GnuTLS maintainer has clarified¹ that he has *only* used parts of EC which are documented in RFC6090 — a document which was produced *specifically* to cover the unpatented parts of Elliptic Curve cryptography, and which has no normative references dated later than 1994. It even eschews the definitions of MAY/SHOULD/MUST etc. from RFC2119 and provides its own, because RFC2119 was published later than 1994 ☺

For GnuTLS at least, the approval should be fairly much a no-brainer.

--
dwmw2

¹ https://bugzilla.redhat.com/show_bug.cgi?id=726886#c26
_______________________________________________
legal mailing list
legal@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/legal