Lack of time on the Open Source projects is understandable, and not uncommon. However, PKCS11 has been in the codebase practically forever - the ECC patches that I saw did not alter the API or such. It is especially non-invasive when digital signature is concerned. Considering how long those patches have been sitting in the queue, and the continued interest among the users - perhaps you can prioritize the integration? Regards, Uri Sent from my iPhone > On Aug 12, 2018, at 22:46, Damien Miller <djm@xxxxxxxxxxx> wrote: > >> On Sun, 12 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote: >> >> Tone aside, let me second what Bob said. OpenSSH maintainers seem to >> be able to find time for many updates and upgrades - but ECC support >> over PKCS#11 appears to repulse them for more than two years (I don't >> care to check for exactly how many more). > > There's no "repulsion" involved, just a lack of time coupled with a lot > of unfinished work and the costs (for me at least) of ramping up on > an unfamiliar API (PKCS#11). > > -d
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev