Author christian.heimes
Recipients Andrew DiPrinzio, bkabrda, cheryl.sabella, christian.heimes, cstratak, dholth, dmalcolm, doughellmann, gregory.p.smith, hroncok, icordasc, jpokorny, lukecarrier, miss-islington, pitrou, rbcollins, rpetrov, vstinner, yolanda.robla
Date 2020-04-24.14:47:47
Message-id <1587739667.54.0.153608789129.issue9216@roundup.psfhosted.org>
Content
I'm against exposing the function as hashlib.get_fips_mode() because it is an internal implementation detail. I don't want to confuse users or make users think that "if hashlib.get_fips_mode()" is sufficient for feature tests. For starters there are multiple levels and versions of the FIPS standard like FIPS-140-2 and FIPS-140-3.

Instead of doing a FIPS test, users and applications should perform a feature test and handle the error. The approach is future-proof and can also cover crypto policy restrictions like minimum key sizes.
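
The feature-test approach described in the message above, shown as an added example that is not part of the original message or of CPython. The helper names `probe_digest` and `select_digest` are hypothetical, and the example is narrowed to hashlib digests; it assumes that a digest blocked by the active crypto policy raises `ValueError`, as an unknown digest name does.

```python
import hashlib


def probe_digest(name, data=b"feature-test"):
    """Classify digest `name` by trying to use it instead of asking about FIPS."""
    try:
        hashlib.new(name, data)
        return "available"
    except ValueError:
        pass  # unknown algorithm, or assumed blocked by the active crypto policy
    try:
        # usedforsecurity exists since Python 3.9; older versions raise TypeError.
        # Only acceptable for non-security uses such as cache keys or checksums.
        hashlib.new(name, data, usedforsecurity=False)
        return "non-security-only"
    except (ValueError, TypeError):
        return "unavailable"


def select_digest(preferred):
    """Return the first digest in `preferred` that is usable for security purposes."""
    for name in preferred:
        if probe_digest(name) == "available":
            return name
    raise RuntimeError("no acceptable digest available: %r" % (list(preferred),))


if __name__ == "__main__":
    # Constructed list of names; the last one is deliberately bogus.
    for name in ("md5", "sha1", "sha256", "sha3_256", "no-such-digest"):
        print("%-16s %s" % (name, probe_digest(name)))
    print("selected:", select_digest(["sha3_256", "sha256"]))
```

The same code path runs on restricted and unrestricted hosts, so the application's fallback logic is exercised everywhere rather than only behind a mode check.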