Hello, During package review of the fiat-crypto Rust library, I noticed that it contains an implementation of an elliptic curve (p434) which isn't mentioned on the "good" list here: https://fedoraproject.org/wiki/Legal:ECC
I also can't find any references or sources for this curve (search results for P-434, p434, and curve434 all come up empty). The only mention of "p434" with respect to cryptography is in this Microsoft project: https://github.com/microsoft/PQCrypto-SIDH And looking at the source code, I'm not even sure whether the P-434 curve in fiat-crypto is at all related to SIKEp434 / SIDHp434 schemes that are mentioned there, other than the fact that they happen to be based on the same prime number (2^216 * 3^137 - 1). Given that there's no mention of any elliptic curves that use p434 on the internet (that I could find), is it OK to ship it in a Fedora package, or do we need to remove it from the sources? ref. https://bugzilla.redhat.com/show_bug.cgi?id=2005536 Fabio _______________________________________________ legal mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
