Content-Disposition: inline
MIME-Version: 1.0
References: <RT-Ticket-46749@isc.org>
 <20171202142323.GA20227@jurassic.lan.banu.com>
 <rt-4.4.1-34262-1512224618-1050.46749-3-0@isc.org>
 <20171203015127.GA13120@isc.org>
 <rt-4.4.1-36279-1512265912-884.46749-4-0@isc.org>
 <20171203040422.GA28025@jurassic.lan.banu.com>
 <rt-4.4.1-36279-1512273873-200.46749-4-0@isc.org>
 <20171203071312.GA16117@isc.org>
 <rt-4.4.1-34262-1512285194-1202.46749-0-0@isc.org>
Content-Transfer-Encoding: binary
Message-ID: <rt-4.4.1-34262-1512315065-575.46749-0-0@isc.org>
X-RT-Interface: Web
In-Reply-To: <rt-4.4.1-34262-1512285194-1202.46749-0-0@isc.org>
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
X-Mailer: MIME-tools 5.508 (Entity 5.508)
RT-Send-CC:
Content-Length: 465

On Sun Dec 03 07:13:14 2017, each@isc.org wrote:
> I think if we're going to support PKCS#11, native is the better way to
> go. If I recall correctly, the only reason we kept OpenSSL PKCS#11 was
> that you couldn't run native PKCS#11 with the AEP Keyper. (And that may
> not even be true anymore.)

=> I confirm the last statement. In fact any HSM which can be supported
by a PKCS#11 OpenSSL engine ("a" means our and others) should work
with native PKCS#11 code.