Re: Why still no PKCS#11 ECC key support in OpenSSH ?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Lack of time on the Open Source projects is understandable, and not uncommon.

However, PKCS11 has been in the codebase practically forever - the ECC patches that I saw did not alter the API or such. It is especially non-invasive when digital signature is concerned.

Considering how long those patches have been sitting in the queue, and the continued interest among the users - perhaps you can prioritize the integration?

Regards,
Uri

Sent from my iPhone

> On Aug 12, 2018, at 22:46, Damien Miller <djm@xxxxxxxxxxx> wrote:
> 
>> On Sun, 12 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote:
>> 
>> Tone aside, let me second what Bob said. OpenSSH maintainers seem to
>> be able to find time for many updates and upgrades - but ECC support
>> over PKCS#11 appears to repulse them for more than two years (I don't
>> care to check for exactly how many more).
> 
> There's no "repulsion" involved, just a lack of time coupled with a lot
> of unfinished work and the costs (for me at least) of ramping up on
> an unfamiliar API (PKCS#11).
> 
> -d

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux