This vote has passed: 3 for, 1 against and 2 abstentions.

Pauli
-- 
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia




> On 8 May 2020, at 3:08 pm, Dr Paul Dale <paul.d...@oracle.com> wrote:
> 
> PR 11575 <https://github.com/openssl/openssl/pull/11575> has been blocking 
> awaiting decision for a while now.  Time for a vote:
> 
> topic: Merge #11575 for 3.0.
> comment: This PR removes the notes indicating that a number of the command
>          line utilities are deprecated.  Not merging it will leave them flagged
>          as deprecated.
> Proposed by: Paul Dale
> Public: yes
> opened: 2020-05-08
> 
> Ideally we’ll have a decision in time for the next 3.0 alpha release.
> 
> 
> The crux of the matter is that a number of the command line utilities are 
> flagged as deprecated currently:
> dhparam
> dsa
> dsaparam
> ec
> ecparam
> agendas
> rsa
> These commands are not being removed in 3.0, instead they’ve been rewritten 
> to use the PKEY APIs instead of the low level APIs as far as possible.
> 
> 
> The reasons for keeping them are:
> they are easier to use than the pkey replacements
> a web search will likely result in these commands not the pkey replacements.
> 
> The reason for removing them is one of maintenance: having duplicate commands 
> means having to make changes in two places and this has been missed in the 
> past and will be in the future.
> 
> 
> Other random notes:
> Deprecation of these commands does not mandate that they are removed at the 
> first opportunity.  It only indicates that we want to move away from them.
> Rewriting these commands so that they call the pkey replacements looks to be 
> very difficult.  Reproducing the exact behaviours will be challenging, 
> although the basic functionality would be straightforward.
> The rsautl command is deprecated and isn’t slated for being restored — 
> pkeyutl is every bit as easy to use.
> The -dsaparam option to dhparam is deprecated — it cannot be supported 
> without direct access to low level functionality we want to remove.
> Post quantum crypto will make the discussion obsolete — none of these 
> algorithms are useful in a quantum computer world.
> 
> My personal opinion is that these commands are good being deprecated but that 
> we should not remove them until their usefulness is at an end.  This will 
> likely mean not removing them after five years of deprecation.  It would mean 
> removing them once quantum computers are shown to be effective.  Without 
> deprecation now, we can’t remove them until a lot later.
> 
> 
> Pauli
> -- 
> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
> Phone +61 7 3031 7217
> Oracle Australia
> 
> 
> 
> 
