Matt,

When you say "would prefer new engines to be maintained outside of the OpenSSL tree", do you mean a private webpage and/or GitHub? Is there a central list of Engine implementations? Something that helps the outside world to find a solution not covered by the openssl community?

Thank you,
Alex.

On Thu, Jun 25, 2015 at 9:03 AM, David Woodhouse <dw...@infradead.org> wrote:
> On Thu, 2015-06-25 at 15:45 +0000, Viktor Dukhovni wrote:
> > On Thu, Jun 25, 2015 at 04:34:34PM +0100, Matt Caswell wrote:
> >
> > > Whether such a patch would be accepted though is an entirely different
> > > thing. Personally I would prefer new engines to be maintained outside of
> > > the OpenSSL tree. Inclusion in the OpenSSL tree implies that the OpenSSL
> > > dev team will support the code. That becomes very difficult/impossible
> > > if we do not have access to the hardware.
> >
> > In addition, in order to not dig the hole we're in deeper, the
> > contributed code would have to be high quality code. That is,
> > clearly written, sensibly commented and well documented.
> >
> > All in all, it seems unlikely that new engines will become part of
> > the OpenSSL official distribution. If anything, some existing
> > engines are likely to be retired.
>
> FWIW I hope that a PKCS#11 engine might be an exception to that rule.
>
> Note that I say "a" PKCS#11 engine not necessarily "the" PKCS#11
> engine, given the comments about code quality.
>
> Or rather than an engine, merging a suitably licensed version of
> something like libp11 into crypto/p11/ and making PKCS#11 a first-class
> citizen in OpenSSL would perhaps be a better option...
>
> --
> dwmw2
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev