On Sun Dec 03 04:04:33 2017, muks wrote:
> I want us to minimize the amount of crypto code we have in BIND tree.
> I
> want us to drop the native PKCS #11 code and stick to the OpenSSL
> engine
> code. With that we'll use a single crypto implementation in the tree.

=> definitely NO.
If you want to drop things, the PKCS#11 OpenSSL engine patches
are a good candidate, and the builtin crypto is a second.
Note for the second it means we agree to make DNSSEC no optional.

If you agree can I change the title into "Drop" (vs "Update")?