Why still no PKCS#11 ECC key support in OpenSSH ?
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Tue Aug 14 00:09:56 AEST 2018
Lack of time on the Open Source projects is understandable, and not uncommon.
However, PKCS11 has been in the codebase practically forever - the ECC patches that I saw did not alter the API or such. It is especially non-invasive when digital signature is concerned.
Considering how long those patches have been sitting in the queue, and the continued interest among the users - perhaps you can prioritize the integration?
Regards,
Uri
Sent from my iPhone
> On Aug 12, 2018, at 22:46, Damien Miller <djm at mindrot.org> wrote:
>
>> On Sun, 12 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote:
>>
>> Tone aside, let me second what Bob said. OpenSSH maintainers seem to
>> be able to find time for many updates and upgrades - but ECC support
>> over PKCS#11 appears to repulse them for more than two years (I don't
>> care to check for exactly how many more).
>
> There's no "repulsion" involved, just a lack of time coupled with a lot
> of unfinished work and the costs (for me at least) of ramping up on
> an unfamiliar API (PKCS#11).
>
> -d