My viewpoint (which has been stated elsewhere) is that OpenSSL-3.0 is about internal restructuring to allow for the various things noted in the design documents. It is not about changing the feature set (in a feature reduction sense). In future releases we will make the mixture of providers available more capable and may adjust what algorithms are available and may even do things like place national ciphers in separate providers. But OpenSSL-3.0 is *not* the time to do any of those things. We should be focused on the restructuring and getting the FIPS140 handling in place and not making policy decisions about changing algorithm availability or other such things.

The objective is that the vast majority of applications that use OpenSSL-1.1 can use OpenSSL-3.0 with a simple recompilation without any other code changes. That I believe has been our consistent outbound message in discussions as a group and our overall driver.

In the future, things may become more dynamic and we may change the algorithm sets and may use more configuration-based approaches and may even place each algorithm in a separate provider and allow for a whole range of dynamic handling. But those are for the future. OpenSSL-3.0 is basically an internally restructured version of OpenSSL-1.1 with a FIPS140 solution.

Tim.
> If DSA is almost never used, why enable it by default?

I am amused/bemused that, after years of saying we do not know what people are doing with OpenSSL, it is now becoming common practice to blithely assert "this is not used" when it fits the personal viewpoint of some folks.