Hi Sergei, > But nowadays ec algorithms are sometimes believed to fall under some > patents, and thus several project (Scientific Linux and CentOS for sure, > and maybe RedHat?) have choosen to exclude ec from their openssl > packages. Even from "devel" versions of the openssl package. > > Thus requirement to have ec.h prerequisite seems too rigid for openxpki, > which can happily exist without ec. > > Do you think that use of ec could be made optional in openxpki?
apologies for the extremely late answer, I was on vacation 'til yesterday. Personally I believe that EC support is important and that we will see more certificates with EC keys in future. As far as I know the patent situation with Elliptic Curves can be addressed by avoiding mechanisms such as Point Compression, so excluding EC from OpenSSL is probably a slightly extreme reaction. However, as we are actually facing the problem due to the decision of the distribution maintainers, I suggest we'll have a look at the build process and determine a way to remove the hard dependency. We must find a way to communicate the (dis)ability to process EC then, of course. Cheers Martin ------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ OpenXPKI-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-devel
