On 26/06/15 17:36, Dmitry Belyavsky wrote:
> Dear Matt,
>
> On Fri, Jun 26, 2015 at 2:23 AM, Matt Caswell <m...@openssl.org> wrote:
>
> > On 25/06/15 21:58, Viktor Dukhovni wrote:
> > > On Thu, Jun 25, 2015 at 10:48:08PM +0200, Kurt Roeckx wrote:
> > >
> > > > On Thu, Jun 25, 2015 at 11:36:58PM +0300, Dmitry Belyavsky wrote:
> > > > >
> > > > > BTW, what does the OpenSSL Team plan regarding the GOST engine?
> > > >
> > > > I think some of us want to get rid of it, because it's rather
> > > > crappy code.
> > >
> > > I think that if GOST is really going to be a supported set of
> > > algorithms, then it should not be an engine, and should be integrated
> > > properly, with robust well written and carefully reviewed code.
> > >
> > > The current engine is IMHO not a good long-term vehicle for providing
> > > GOST support to OpenSSL users.
> >
> > I don't see GOST being integrated as a first class citizen in the near
> > future unless a member of the dev team volunteers to own it. So far I've
> > not seen any evidence of that happening (although to be fair I've not
> > asked the question until now!).
> >
> > In the absence of such an owner stepping forward, my preferred solution
> > is to spin GOST out as a separately maintained engine - if we could find
> > someone willing to take it on.
>
> It's not a problem to start maintaining the engine code outside the main
> OpenSSL tree.
>
> But comprehensive support of GOST requires much more:
> - TLS (the most messy)
> - pkcs12
> - OIDs for algs themselves and for some extensions used in Russia
> - some smime-related stuff
> etc
>
> All the enumerated above seems to be much more complicated and could
> hardly be supported separately from the main tree.

Yes. I agree there are some things that could not be taken out. I am not proposing to remove those - I'm just talking about taking out the main engine itself.

Matt