From: "Evan Hunt" <each@isc.org>
Subject: Re: [ISC-Bugs #46749] Update PKCS #11 OpenSSL engine usage documentation in ARM
X-RT-Original-Encoding: utf-8
In-Reply-To: <rt-4.4.1-34262-1512224618-1050.46749-3-0@isc.org>
X-RT-Incoming-Encryption: Not encrypted
User-Agent: Mutt/1.5.23 (2014-03-12)
To: "Mukund Sivaraman via RT" <bind9-public@isc.org>
Delivered-To: bind9-public@bugs.isc.org
References: <RT-Ticket-46749@isc.org> <20171202142323.GA20227@jurassic.lan.banu.com> <rt-4.4.1-34262-1512224618-1050.46749-3-0@isc.org>
X-Original-To: bind9-public@bugs.isc.org
MIME-Version: 1.0
Return-Path: <each@isc.org>
X-RT-Interface: Email
From each@isc.org  Sun Dec  3 01:51:28 2017
Received: from bikeshed.isc.org (bikeshed.isc.org [149.20.48.19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mail.isc.org", Issuer "RapidSSL CA" (not verified)) by bugs.isc.org (Postfix) with ESMTPS id C7E97D78B0B for <bind9-public@bugs.isc.org>; Sun,  3 Dec 2017 01:51:27 +0000 (UTC)
Received: by bikeshed.isc.org (Postfix, from userid 10292) id 739A4216C1C; Sun,  3 Dec 2017 01:51:27 +0000 (UTC)
Content-Disposition: inline
Message-ID: <20171203015127.GA13120@isc.org>
content-type: text/plain; charset="utf-8"
Date: Sun, 3 Dec 2017 01:51:27 +0000
CC: 
RT-Message-ID: <rt-4.4.1-36279-1512265906-1465.46749-0-0@isc.org>
Content-Length: 506

> The description in the ARM about using BIND with PKCS #11 as OpenSSL
> engine is very obsolete (not available any longer). This ticket should
> update the ARM with a correct description of how to use BIND with PKCS
> #11 OpenSSL engine on a modern distribution, with example of usage with
> softhsm.

AFAIK the OpenSSL engine is still available (at least we're still
shipping patches for it).

I agree the doc should be updated though. Native PKCS#11 is much more
useful now and ought to be emphasized.