On Wed, 2020-05-27 at 12:14 +0100, Matt Caswell wrote:
> PR 10787 proposed to reduce the number of security bits for MD5 and
> SHA1
> in TLS (master branch only, i.e. OpenSSL 3.0):
>
> https://github.com/openssl/openssl/pull/10787
>
> This would have the impact of meaning that TLS < 1.2 would
On Wed, 2020-05-27 at 14:16 +, Dr. Matthias St. Pierre wrote:
> > IMO it seems appropriate to have an OMC vote on this topic (or
> > should it
> > be OTC?). Possible wording:
>
> Personally, I would prefer if technical questions would by default be
> discussed (and voted on)
> by the OTC,
> IMO it seems appropriate to have an OMC vote on this topic (or should it
> be OTC?). Possible wording:
Personally, I would prefer if technical questions would by default be discussed
(and voted on)
by the OTC, unless an OMC member explicitly puts in his veto and claims that
higher level
PR 10787 proposed to reduce the number of security bits for MD5 and SHA1
in TLS (master branch only, i.e. OpenSSL 3.0):
https://github.com/openssl/openssl/pull/10787
This would have the impact of meaning that TLS < 1.2 would not be
available in the default security level of 1. You would have to
If you do this, you should add a FAQ (in addition to NEWS) explaining it.
> I mean I am definitely not against having a vote if someone feels it
> should be done but if nobody requires it, I do not think it would be a
> violation of anything if this is merged without a vote.
Tomáš I dont't mind following your viewpoint at all, and if the OMC thinks
the same, that's
On 27/05/2020 15:33, Tomas Mraz wrote:
> On Wed, 2020-05-27 at 14:16 +, Dr. Matthias St. Pierre wrote:
>>> IMO it seems appropriate to have an OMC vote on this topic (or
>>> should it
>>> be OTC?). Possible wording:
>>
>> Personally, I would prefer if technical questions would by default be
