This vote has passed: 3 for, 1 against and 2 abstentions.

Pauli
--
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
Phone +61 7 3031 7217
Oracle Australia

> On 8 May 2020, at 3:08 pm, Dr Paul Dale <[email protected]> wrote:
>
> PR 11575 <https://github.com/openssl/openssl/pull/11575> has been blocking
> awaiting decision for a while now. Time for a vote:
>
> topic: Merge #11575 for 3.0.
> comment: This PR removes the notes indicating that a number of the command
>          line utilities are deprecated. Not merging it will leave them
>          flagged as deprecated.
> Proposed by: Paul Dale
> Public: yes
> opened: 2020-05-08
>
> Ideally we’ll have a decision in time for the next 3.0 alpha release.
>
>
> The crux of the matter is that a number of the command line utilities are
> flagged as deprecated currently:
>   dhparam
>   dsa
>   dsaparam
>   ec
>   ecparam
>   agendas
>   rsa
> These commands are not being removed in 3.0, instead they’ve been rewritten
> to use the PKEY APIs instead of the low level APIs as far as possible.
>
>
> The reasons for keeping them are:
>   they are easier to use than the pkey replacements
>   a web search will likely result in these commands not the pkey replacements.
>
> The reason for removing them is one of maintenance: having duplicate commands
> means having to make changes in two places and this has been missed in the
> past and will be in the future.
>
>
> Other random notes:
>   Deprecation of these commands does not mandate that they are removed at the
>     first opportunity. It only indicates that we want to move away from them.
>   Rewriting these commands so that they call the pkey replacements looks to be
>     very difficult. Reproducing the exact behaviours will be challenging,
>     although the basic functionality would be straightforward.
>   The rsautl command is deprecated and isn’t slated for being restored —
>     pkeyutl is every bit as easy to use.
>   The -dsaparam option to dhparam is deprecated — it cannot be supported
>     without direct access to low level functionality we want to remove.
>   Post quantum crypto will make the discussion obsolete — none of these
>     algorithms are useful in a quantum computer world.
>
> My personal opinion is that these commands are good being deprecated but that
> we should not remove them until their usefulness is at an end. This will
> likely mean not removing them after five years of deprecation. It would mean
> removing them once quantum computers are shown to be effective. Without
> deprecation now, we can’t remove them until a lot later.
>
>
> Pauli
> --
> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
> Phone +61 7 3031 7217
> Oracle Australia
