FFC domain parameter generation excluded

[paulidale]

Need to verify that we don't permit this.

Might want a FIPS parameter involved.

Section A

[slontis]

This is referring to DSA domain parameters that are in FIPS 186-5. Will need to read up on if this also applies to DH, i.e what does the FIPS 140-3 IG say and also SP800-56 a & b

[t8m]

AFAIK FIPS 186-5 does NOT apply to key agreement schemes.