matt at openssl.org
Fri Jan 17 10:34:24 UTC 2020
On 17/01/2020 06:31, Dr Paul Dale wrote:
> 1. Leave them public and unchanged — that is, don’t deprecate these two
> functions yet.
> 2. Deprecate them and add KDFs to replace them.
> 3. Deprecate them, leave them alone and hope they go away painlessly at
> some point.
2 is really just and extension of 3 - either way we deprecate them. In 2
we additionally provide a replacement.
I definitely think they *should* be deprecated.
Any replacement would necessarily go in the "legacy" provider I think.
If a replacement is not difficult I would favour that. But I could live
More information about the openssl-project