Content-Type: text/plain; charset="utf-8"
In-Reply-To: <rt-4.4.1-36279-1512273873-1350.46749-0-0@isc.org>
X-RT-Interface: Web
X-RT-Original-Encoding: utf-8
X-Mailer: MIME-tools 5.508 (Entity 5.508)
Content-Transfer-Encoding: binary
References: <RT-Ticket-46749@isc.org>
 <20171202142323.GA20227@jurassic.lan.banu.com>
 <rt-4.4.1-34262-1512224618-1050.46749-3-0@isc.org>
 <20171203015127.GA13120@isc.org>
 <rt-4.4.1-36279-1512265912-884.46749-4-0@isc.org>
 <20171203040422.GA28025@jurassic.lan.banu.com>
 <rt-4.4.1-36279-1512273873-1350.46749-0-0@isc.org>
MIME-Version: 1.0
Content-Disposition: inline
Message-ID: <rt-4.4.1-34262-1512314815-1569.46749-0-0@isc.org>
RT-Send-CC:
Content-Length: 536

On Sun Dec 03 04:04:33 2017, muks wrote:
> I want us to minimize the amount of crypto code we have in BIND tree.
> I
> want us to drop the native PKCS #11 code and stick to the OpenSSL
> engine
> code. With that we'll use a single crypto implementation in the tree.

=> definitely NO.
If you want to drop things, the PKCS#11 OpenSSL engine patches
are a good candidate, and the builtin crypto is a second.
Note for the second it means we agree to make DNSSEC no optional.

If you agree can I change the title into "Drop" (vs "Update")?