Bug 1961428

Summary: [RFE] support FIPS-186-5 (eddsa) (RHCS / NSS)
Product: Red Hat Enterprise Linux 9
Reporter: Marc Sauton <msauton>
Component: nss
Assignee: Bob Relyea <rrelyea>
Status: NEW ---
QA Contact: Alexander Sosedkin <asosedki>
Severity: medium
Docs Contact:
Priority: medium
Version: 9.1
CC: cfu, ckelley, edewata, fdelehay, jmagne, mharmsen, rrelyea, ssorce
Target Milestone: rc
Keywords: FutureFeature, Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Doc Type: If docs needed, set a value
Type: Bug
Bug Blocks: 2054156    

Description Marc Sauton 2021-05-17 22:09:21 UTC
Description of problem:

This is a really wide statement: support FIPS-186-5.

We "only" reference and support FIPS-186-4 from July 2013 in the install guide at
"
https://access.redhat.com/documentation/en-us/red_hat_certificate_system/10/pdf/planning_installation_and_deployment_guide/Red_Hat_Certificate_System-10-Planning_Installation_and_Deployment_Guide-en-US.pdf
3.2. ALLOWED KEY ALGORITHMS AND THEIR SIZES
"

FIPS-186-5 has been superseding FIPS-186-4 since October 2019.

I do not know all the differences and implications, but this should be explored.

For example, one public sector customer has a requirement for "Edwards-Curve Digital Signature Algorithm" / EdDSA support, which we do not have in NSS.


Version-Release number of selected component (if applicable):
RHCS-10 on RHEL-8



Comment 2 Marc Sauton 2021-05-17 22:20:43 UTC
Edwards-Curve Digital Signature Algorithm (EdDSA)
https://datatracker.ietf.org/doc/html/rfc8032