On Mon Jun 4, Tristan Santore wrote:
this was answered 3 months ago.
To reiterate I will post Tom's response.
> Fedora is legally part of Red Hat, and Red Hat has certain legal
> obligations it is required to adhere to, based on the fact that it is a
> US Company.
> Elliptic Curve Cryptography is currently being reviewed. At this point
> in time, it must not be included or enabled in Fedora.
Has there been any progress on that since then? This is also blocking
the inclusion of GnuTLS v3; we're currently shipping 2.12 which is a
year out of date and lacking some important features and fixes.
The GnuTLS maintainer has clarified¹ that he has *only* used parts of EC
which are documented in RFC6090 — a document which was produced
*specifically* to cover the unpatented parts of Elliptic Curve
cryptography, and which has no normative references dated later than
1994. It even eschews the definitions of MAY/SHOULD/MUST etc. from
RFC2119 and provides its own, because RFC2119 was published later than
For GnuTLS at least, the approval should be fairly much a no-brainer.