On Sun, Dec 03, 2017 at 03:26:56PM +0000, Francis Dupont via RT wrote:
> On Sun Dec 03 04:04:33 2017, muks wrote:
> > I want us to minimize the amount of crypto code we have in BIND tree.
> > I
> > want us to drop the native PKCS #11 code and stick to the OpenSSL
> > engine
> > code. With that we'll use a single crypto implementation in the tree.
> 
> => definitely NO.
> If you want to drop things, the PKCS#11 OpenSSL engine patches
> are a good candidate, and the builtin crypto is a second.
> Note for the second it means we agree to make DNSSEC no optional.
> 
> If you agree can I change the title into "Drop" (vs "Update")?

No, please don't change the ticket's title. If you want to suggest
dropping OpenSSL PKCS #11, create a different ticket for it.

The topic of this ticket is to update the documentation to use
engine_pkcs11.

		Mukund