Re: Permissibility of P-434 based elliptic curve in Fedora


 



On Sun, Apr 30, 2023 at 4:05 PM Richard Fontana <rfontana@xxxxxxxxxx> wrote:
>
> On Sun, Apr 30, 2023 at 7:01 AM Fabio Valentini <decathorpe@xxxxxxxxx> wrote:
> >
> > On Fri, Nov 4, 2022 at 4:25 PM Fabio Valentini <decathorpe@xxxxxxxxx> wrote:
> > >
> > > Hello,
> > >
> > > During package review of the fiat-crypto Rust library, I noticed that
> > > it contains an implementation of an elliptic curve (p434) which isn't
> > > mentioned on the "good" list here:
> > > https://fedoraproject.org/wiki/Legal:ECC
> > >
> > > I also can't find any references or sources for this curve (search
> > > results for P-434, p434, and curve434 all come up empty). The only
> > > mention of "p434" with respect to cryptography is in this Microsoft
> > > project: https://github.com/microsoft/PQCrypto-SIDH
> > >
> > > And looking at the source code, I'm not even sure whether the P-434
> > > curve in fiat-crypto is at all related to SIKEp434 / SIDHp434 schemes
> > > that are mentioned there, other than the fact that they happen to be
> > > based on the same prime number (2^216 * 3^137 - 1).
> > >
> > > Given that there's no mention of any elliptic curves that use p434 on
> > > the internet (that I could find), is it OK to ship it in a Fedora
> > > package, or do we need to remove it from the sources?
> > >
> > > ref. https://bugzilla.redhat.com/show_bug.cgi?id=2005536
> >
> > The linked package review is still blocked by this issue six months later :(
> > Any idea what I can do to move this forward?
>
> Unfortunately I am pretty sure it won't be possible to get a
> resolution on this any time soon.

Ok, so ... I'm pretty sure we actually don't *need* the affected code.
Would removing all p434 related code from the sources entirely (to be
on the safe side), and building the package without support for this
curve, be an acceptable solution until the legal status is cleared up?
All other elliptic curves that are supported by the package are
explicitly listed as OK in the docs.

Fabio