From: "Mukund Sivaraman"
To: "Francis Dupont via RT"
Date: Sun, 3 Dec 2017 21:07:34 +0530
Subject: Re: [ISC-Bugs #46749] Update PKCS #11 OpenSSL engine usage documentation in ARM

On Sun, Dec 03, 2017 at 03:26:56PM +0000, Francis Dupont via RT wrote:
> On Sun Dec 03 04:04:33 2017, muks wrote:
> > I want us to minimize the amount of crypto code we have in BIND tree. I
> > want us to drop the native PKCS #11 code and stick to the OpenSSL engine
> > code. With that we'll use a single crypto implementation in the tree.
>
> => definitely NO.
> If you want to drop things, the PKCS#11 OpenSSL engine patches
> are a good candidate, and the builtin crypto is a second.
> Note for the second it means we agree to make DNSSEC no optional.
>
> If you agree can I change the title into "Drop" (vs "Update")?

No, please don't change the ticket's title. If you want to suggest
dropping OpenSSL PKCS #11, create a different ticket for it. The topic of
this ticket is to update the documentation to use engine_pkcs11.

Mukund