Message367195
| Author |
christian.heimes |
| Recipients |
Andrew DiPrinzio, bkabrda, cheryl.sabella, christian.heimes, cstratak, dholth, dmalcolm, doughellmann, gregory.p.smith, hroncok, icordasc, jpokorny, lukecarrier, miss-islington, pitrou, rbcollins, rpetrov, vstinner, yolanda.robla |
| Date |
2020-04-24.14:47:47 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1587739667.54.0.153608789129.issue9216@roundup.psfhosted.org> |
| In-reply-to |
|
| Content |
I'm against exposing the function as hashlib.get_fips_mode() because it is an internal implementation detail. I don't want to confuse users or make users think that "if hashlib.get_fips_mode()" is sufficient for feature tests. For starters there are multiple levels and versions of the FIPS standard like FIPS-140-2 and FIPS-140-3.
Instead if doing a FIPS test, users and applications should perform a feature test and handle the error. The approach is future-proof and can also cover crypto policies restriction like minimum key sizes. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2020-04-24 14:47:47 | christian.heimes | set | recipients:
+ christian.heimes, gregory.p.smith, pitrou, vstinner, rbcollins, rpetrov, doughellmann, dmalcolm, dholth, jpokorny, bkabrda, lukecarrier, icordasc, cstratak, yolanda.robla, hroncok, cheryl.sabella, Andrew DiPrinzio, miss-islington |
| 2020-04-24 14:47:47 | christian.heimes | set | messageid: <1587739667.54.0.153608789129.issue9216@roundup.psfhosted.org> |
| 2020-04-24 14:47:47 | christian.heimes | link | issue9216 messages |
| 2020-04-24 14:47:47 | christian.heimes | create | |
|