At a high level, this isn't my project and I would look towards the maintainers to provide guidance about the direction they want to go.

However,

In my opinion, this is a debate on Security vs Compatibility. I'm biased more towards security, and I've tried to make it easy for a platform to understand what is happening with PcdEnforceSecureRngAlgorithms . If we default to default the platform never has the chance to understand what Rng Algorithms they provide and if that is a problem for them. Default is obviously the most compatible but it's also the one that may or may not be backed by something insecure. Which is why I would prefer if a platform acknowledges that they know it's backed by something secure or if not its an active decision.

You receive all messages sent to this group.

View/Reply Online (#118824) | | Mute This Topic | New Topic
Your Subscription | Contact Group Owner | Unsubscribe [rebecca@openfw.io]