Hello legal.
I see that ECDSA is already included in Fedora in various packages, so I assume that is OK.
This software here:
https://github.com/starkbank/ecdsa-python
Says:
We currently support secp256k1 [curve].
Is that OK to package in Fedora or not?
Thanks.
On Tue, Jul 05, 2022 at 12:46:10PM +0200, Miro Hrončok wrote:
> Hello legal.
> I see that ECDSA is already included in Fedora in various packages, so I assume that is OK.
> This software here: https://github.com/starkbank/ecdsa-python
> Says:
> We currently support secp256k1 [curve].
> Is that OK to package in Fedora or not?
IANAL or anybody from Fedora, but a similar thread is still waiting for a larger proclamation about Elliptic Curves in general: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/...
The package you linked includes secp256k1 and prime256v1.
> On Tue, Jul 05, 2022 at 12:46:10PM +0200, Miro Hrončok wrote:
> IANAL or anybody from Fedora, but a similar thread is still waiting for a larger proclamation about Elliptic Curves in general: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.o...
> The package you linked includes secp256k1 and prime256v1.
secp256k1 seems to be OK. For example, it is included in nettle, but it removes secp192r1 and secp224r1 from its sources.
It is also included in openssl:
$ openssl ecparam -list_curves
  secp224r1 : NIST/SECG curve over a 224 bit prime field
  secp256k1 : SECG curve over a 256 bit prime field
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
So it looks like the removal of secp192r1 and secp224r1 from nettle seems to be outdated, because at least the latter curve is enabled in OpenSSL.
Wasn't there some kind of wiki page that listed elliptic curves which we weren't allowed to ship? I can't seem to find it any longer, so it might have fallen victim to the move of the Legal docs to GitLab ...
Fabio
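An added check, not part of the thread and not Fedora's or OpenSSL's own tooling: instead of trusting the -list_curves output, a package's sources, or a wiki page, ask the installed OpenSSL to actually generate a key on each curve the thread names. -list_curves only shows which names the binary was compiled with; key generation also fails when the running configuration refuses the curve (for example, a FIPS provider allows only the NIST curves), so it is the better test of what a build will really do. The curve list and the helper names (curve_available, report_curves) are this example's own. prime192v1 is included alongside secp192r1 because OpenSSL knows the 192-bit SECG curve only under its X9.62 short name, which nettle and the wiki refer to as secp192r1.

```shell
#!/bin/sh
# Added example (not from the thread): probe the installed OpenSSL for usable
# curves by attempting key generation on each one. Requires the openssl CLI.

# curve_available NAME -> exit 0 if OpenSSL can generate a key on NAME, 1 if not.
# An unknown or disabled curve makes ecparam exit non-zero.
curve_available() {
    openssl ecparam -name "$1" -genkey -noout >/dev/null 2>&1
}

# Curves mentioned in the thread (constructed list for this example).
# OpenSSL's short name for the 192-bit SECG curve is prime192v1, not
# secp192r1, so both spellings are probed.
THREAD_CURVES="secp256k1 prime256v1 secp224r1 secp192r1 prime192v1 secp384r1 secp521r1"

# report_curves -> one line per curve: "<name> available" / "<name> NOT available".
report_curves() {
    for c in $THREAD_CURVES; do
        if curve_available "$c"; then
            echo "$c available"
        else
            echo "$c NOT available"
        fi
    done
}

report_curves
```

Run it with sh on the host whose OpenSSL build you are checking; the interesting lines are the ones that say NOT available, since those are the curves a distribution build or provider configuration has actually removed, regardless of what the documentation says.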
On 8/25/22 6:59 AM, Fabio Valentini wrote:
> > On Tue, Jul 05, 2022 at 12:46:10PM +0200, Miro Hrončok wrote:
> > IANAL or anybody from Fedora, but a similar thread is still waiting for a larger proclamation about Elliptic Curves in general: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.o...
> > The package you linked includes secp256k1 and prime256v1.
> secp256k1 seems to be OK. For example, it is included in nettle, but it removes secp192r1 and secp224r1 from its sources.
> It is also included in openssl:
> $ openssl ecparam -list_curves
>   secp224r1 : NIST/SECG curve over a 224 bit prime field
>   secp256k1 : SECG curve over a 256 bit prime field
>   secp384r1 : NIST/SECG curve over a 384 bit prime field
>   secp521r1 : NIST/SECG curve over a 521 bit prime field
>   prime256v1: X9.62/SECG curve over a 256 bit prime field
> So it looks like the removal of secp192r1 and secp224r1 from nettle seems to be outdated, because at least the latter curve is enabled in OpenSSL.
> Wasn't there some kind of wiki page that listed elliptic curves which we weren't allowed to ship? I can't seem to find it any longer, so it might have fallen victim to the move of the Legal docs to GitLab ...
We were careful on the move, and I don't recall anything of this sort. I searched on the wiki, and seems we may have missed some legal-related pages, as here it is: https://fedoraproject.org/wiki/Legal:ECC
That being said, looks like that was last updated 3 years ago, so not sure if there have been changes since then?
Between this email thread and others related, I'm not clear on what the exact question is in terms of what it is that hasn't been allowed and is being asked to allow?
Thanks, Jilayne
On Thu, Aug 25, 2022 at 8:25 PM Jilayne Lovejoy jlovejoy@redhat.com wrote:
> On 8/25/22 6:59 AM, Fabio Valentini wrote:
> > > On Tue, Jul 05, 2022 at 12:46:10PM +0200, Miro Hrončok wrote:
> > > IANAL or anybody from Fedora, but a similar thread is still waiting for a larger proclamation about Elliptic Curves in general: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.o...
> > > The package you linked includes secp256k1 and prime256v1.
> > secp256k1 seems to be OK. For example, it is included in nettle, but it removes secp192r1 and secp224r1 from its sources.
> > It is also included in openssl:
> > $ openssl ecparam -list_curves
> >   secp224r1 : NIST/SECG curve over a 224 bit prime field
> >   secp256k1 : SECG curve over a 256 bit prime field
> >   secp384r1 : NIST/SECG curve over a 384 bit prime field
> >   secp521r1 : NIST/SECG curve over a 521 bit prime field
> >   prime256v1: X9.62/SECG curve over a 256 bit prime field
> > So it looks like the removal of secp192r1 and secp224r1 from nettle seems to be outdated, because at least the latter curve is enabled in OpenSSL.
> > Wasn't there some kind of wiki page that listed elliptic curves which we weren't allowed to ship? I can't seem to find it any longer, so it might have fallen victim to the move of the Legal docs to GitLab ...
> We were careful on the move, and I don't recall anything of this sort. I searched on the wiki, and seems we may have missed some legal-related pages, as here it is: https://fedoraproject.org/wiki/Legal:ECC
> That being said, looks like that was last updated 3 years ago, so not sure if there have been changes since then?
> Between this email thread and others related, I'm not clear on what the exact question is in terms of what it is that hasn't been allowed and is being asked to allow?
I'm not certain any of this is necessary anymore. At least the documentation in the hobble-openssl script indicates nothing that we still need to strip out: https://src.fedoraproject.org/rpms/openssl/blob/43e576feab04b0557f63e9eec1b5...
It would be good to check if we can drop all the "hobble" logic for crypto libraries now.
On Fri, Aug 26, 2022 at 2:25 AM Jilayne Lovejoy jlovejoy@redhat.com wrote:
> We were careful on the move, and I don't recall anything of this sort. I searched on the wiki, and seems we may have missed some legal-related pages, as here it is: https://fedoraproject.org/wiki/Legal:ECC
Yes, this is what I was looking for, thanks. I couldn't find it myself.
> That being said, looks like that was last updated 3 years ago, so not sure if there have been changes since then?
It would be good to know whether there's actually still any elliptic curves that we can *not* ship. For example, the package for nettle still removes secp224r1 and secp192r1 from its sources. At least the former no longer seems to be correct, since it's listed as acceptable, and also used by OpenSSL.
> Between this email thread and others related, I'm not clear on what the exact question is in terms of what it is that hasn't been allowed and is being asked to allow?
I think it would be good to know:
- Is secp192r1 still not acceptable, or can it be included in nettle now?
- Are other elliptic curves acceptable as well? I see questions on this list about brainpool curves, which are apparently mandated by some German government agencies now.
- Are there actually any elliptic curves that are still *not* considered acceptable? I.e. could the "hobble" logic be dropped from nettle and openssl entirely?
Fabio