Re: Is ECDSA secp256k1 elliptic curve permitted to be packaged in Fedora?

On Thu, Aug 25, 2022 at 8:25 PM Jilayne Lovejoy <jlovejoy@xxxxxxxxxx> wrote:
>
>
>
> On 8/25/22 6:59 AM, Fabio Valentini wrote:
> >> On Tue, Jul 05, 2022 at 12:46:10PM +0200, Miro Hrončok wrote:
> >> IANAL or anybody from Fedora, but a similar thread is still waiting for
> >> a larger proclamation about Elliptic Curves in general:
> >> https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.o...
> >>
> >> The package you linked includes secp256k1 and prime256v1.
> > secp256k1 seems to be OK.
> > For example, it is included in nettle, but it removes secp192r1 and secp224r1 from its sources.
> >
> > It is also included in openssl:
> >
> > $ openssl ecparam -list_curves
> >    secp224r1 : NIST/SECG curve over a 224 bit prime field
> >    secp256k1 : SECG curve over a 256 bit prime field
> >    secp384r1 : NIST/SECG curve over a 384 bit prime field
> >    secp521r1 : NIST/SECG curve over a 521 bit prime field
> >    prime256v1: X9.62/SECG curve over a 256 bit prime field
> >
> > So it looks like the removal of secp192r1 and secp224r1 from nettle seems to be outdated, because at least the latter curve is enabled in OpenSSL.
> >
> > Wasn't there some kind of wiki page that listed elliptic curves which we weren't allowed to ship? I can't seem to find it any longer, so it might have fallen victim to the move of the Legal docs to GitLab ...
> >
> >
> We were careful on the move, and I don't recall anything of this sort. I
> searched on the wiki, and seems we may have missed some legal-related
> pages, as here it is: https://fedoraproject.org/wiki/Legal:ECC
>
> That being said, looks like that was last updated 3 years ago, so not
> sure if there have been changes since then?
>
> Between this email thread and others related, I'm not clear on what the
> exact question is in terms of what it is that hasn't been allowed and is
> being asked to allow?
>

I'm not certain any of this is necessary anymore. At least the
documentation in the hobble-openssl script indicates nothing that we
still need to strip out:
https://src.fedoraproject.org/rpms/openssl/blob/43e576feab04b0557f63e9eec1b5241773ef79e7/f/hobble-openssl

It would be good to check if we can drop all the "hobble" logic for
crypto libraries now.



-- 
真実はいつも一つ!/ Always, there's only one truth!
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue