Add a policy for migration of algorithms to the legacy provider #67
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| # Legacy Provider Policy | ||
|
|
||
| ## Purpose | ||
| The Legacy Provider exists to create an opt-in availability mechanism for | ||
| algorithms that, for various reasons, should have their use discouraged. These | ||
| reasons include, but are not limited to: | ||
|
|
||
| * Discovered security issues leaving the algorithm in question unsafe for | ||
| general use | ||
|
|
||
| * Lack of popular use (i.e. balancing code size vs consumption frequency) | ||
nhorman marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| OpenSSL recognizes that consumption of these algorithms may continue to be | ||
| required by consuming applications after the conditions above have been | ||
| recognized. The Legacy provider exists to provide a mechanism for such | ||
| applications to continue having access to these algorithms while preventing | ||
| applications that don't require them from inadvertently using them. | ||
|
|
||
| ## Constraints on moving an algorithm to the legacy provider | ||
|
|
||
| 1) Migration of an algorithm to the legacy provider must occur on a major | ||
| release boundary. Once a major release includes a given algorithm in a given | ||
| provider, it must remain there for every minor release in that major stream. | ||
|
|
||
| 2) Prior to migration, the migration must be announced for at least one | ||
| minor release (see announcement mechanism below). | ||
|
|
||
| 3) Coincidental to the announcement above, the algorithm in question may be made | ||
| available in both the source provider and the legacy provider. | ||
|
There was a problem hiding this comment. source provider? Did you mean default provider? There was a problem hiding this comment. I used the term source, as I didn't want to constrain deprecation to only the default provider. i.e. if we ever want to deprecate algorithms in the fips provider, or if we create say a pq provider in the future, this same process might be useable. There was a problem hiding this comment. This is the only place this file says "source provider". Everywhere else, this file says "default provider"... would that make you reconsider? There was a problem hiding this comment. It does make me reconsider, but I think its an open question of wording. do we want to constrain this policy to the default provider only, or should it apply to any non-legacy provider (default/base/fips/etc)? There was a problem hiding this comment. Last time I checked, There was a problem hiding this comment. Looking back at this, I would go for consistency. Either "default provider", or "source provider", everywhere. |
||
|
|
||
| ## Promotion of algorithms in the legacy provider to the default provider | ||
|
|
||
| Should the need arise, legacy provider algorithms may be promoted to the default | ||
| provider at any time. Removal from the Legacy provider should occur only on | ||
| major release boundaries. | ||
|
|
||
| ## Migration announcement mechanism | ||
|
|
||
| Announcements of migrations from a source provider to the Legacy provider is | ||
|
There was a problem hiding this comment. I would talk about default provider here? FIPS provider has a completely different policy and IMO anything that is in FIPS, should be in default as well. There was a problem hiding this comment. I believe that talking about source provider will just confuse people. Deprecations and removals from the FIPS provider take different rules (and usually when something is removed or deprecated in FIPS provider, it can stay in the default provider for quite long time after that). |
||
| made via the DEPRECATIONS.md file in the source code root directory for | ||
| OpenSSL. This file will list all the identities of the algorithm (names, | ||
| possible OIDs, possible NIDs), the version in which the deprecation was | ||
| announced, and the version in which the algorithm is to be removed from the | ||
| source provider. Note that deprecations may also be announced in the release | ||
| notes. | ||
|
|
||
|
|
||
Uh oh!
There was an error while loading. Please reload this page.