[gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sun Nov 28 11:19:46 CET 2021
Stephan Mueller started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_745615743
> ecc_point_clear(&pub);
> break;
> }
> case GNUTLS_PK_DSA:
Would it make sense to disregard DSA entirely? I.e. mark it not_approved = true? Note, DSA is currently being defined as sunset with the current draft of FIPS 186-5. As this is still a draft, we cannot rely on it nor can we know for certain that DSA will be sunset.
In any case, if DSA is intended to be left approved, shouldn't there be a check: (a) that the key is >= 2048 and (b) the hash is SHA-2 (and SHA-1 for legacy purpose)?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_745615743
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20211128/16951fe0/attachment.html>
More information about the Gnutls-devel
mailing list