RHEL-58241

PQ policy is in a subpackage that should depend on liboqs/oqs-provider

    • crypto-policies-20241010-1.git7a71364.el10
    • No
    • Low
    • 1
    • rhel-sst-security-crypto
    • ssg_security
    • 12
    • 1
    • False
    • None
    • Yes
    • Crypto24Q4
    • AC1) there's a new crypto-policies-pq-preview subpackage

      AC2) crypto-policies-pq-preview provides a TEST-PQ subpolicy and nothing else

      AC3) crypto-policies-pq-preview depends on liboqs and oqsprovider

      AC4) TEST-PQ can be successfully applied onto all base policies

      AC5) Applying produces warnings about PQ algorithms being experimental

      AC6) Applying TEST-PQ generates policy changes only for backends supporting PQ (openssl, nss, gnutls and openssh)

      AC7) crypto-policies-pq-preview package description (and release notes) states that TEST-PQ is a technology preview

      AC8) (Optional) Package maintainers of backends supporting PQ signed off on the policy generated by DEFAULT:TEST-PQ (openssl, nss, gnutls and openssh)

      AC9) (optional) There is a functional test for each backend supporting PQ testing at least the X25519MLKEM768 and SecP256r1MLKEM768 hybrid key agreement schemes (openssl now, nss and gnutls later)

    • Pass
    • Enabled
    • Automated
    • Technology Preview
    • Post-quantum cryptography is not ready for production use in RHEL-10.0, but it's very important to allow testing it early to ease migration later. This is why we're providing a TEST-PQ subpolicy in a separate crypto-policies-pq-preview package. Applying TEST-PQ on top of a different policy (e.g., `update-crypto-policies --set DEFAULT:TEST-PQ` for DEFAULT) is currently the only way to try out post-quantum cryptography system-wide in RHEL.
    • Proposed
    • None

      PQ policy is in a subpackage that should depend on liboqs/oqs-provider.
      This ensures that, when PQ policy is enabled, PQ algos will be usable and the system is in a reachable state.

              asosedki@redhat.com Alexander Sosedkin
              dbelyavs@redhat.com Dmitry Belyavskiy
              Alexander Sosedkin
              Ondrej Moris
              Jan Fiala