Why still no PKCS#11 ECC key support in OpenSSH ?
Bob Smith
b631093f-779b-4d67-9ffe-5f6d5b1d3f8a at protonmail.ch
Mon Aug 13 18:54:25 AEST 2018
On August 13, 2018 3:45 AM, Damien Miller <djm at mindrot.org> wrote:
> On Sun, 12 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote:
>
> > Tone aside, let me second what Bob said. OpenSSH maintainers seem to
> > be able to find time for many updates and upgrades - but ECC support
> > over PKCS#11 appears to repulse them for more than two years (I don't
> > care to check for exactly how many more).
>
> There's no "repulsion" involved, just a lack of time coupled with a lot
> of unfinished work and the costs (for me at least) of ramping up on
> an unfamiliar API (PKCS#11).
>
> -d
>
Thanks for the insight Damian.
Could you at least consider bumping up the priority level (its currently sitting there as a P5 in the back of the queue) ? I fear otherwise it could easily continue festering at the back of the cupboard for another few years!
Thanks
Bob
More information about the openssh-unix-dev
mailing list