<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><a href="https://github.com/openssl/openssl/pull/11575" class="">PR 11575</a> has been blocking awaiting decision for a while now. Time for a vote:<div class=""><br class=""></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;" class=""><div class=""><div class=""><div class="">topic: Merge #11575 for 3.0.</div></div></div><div class=""><div class=""><div class="">comment: This PR removes the notes indicating that a number of the command</div></div></div><div class=""><div class=""><div class=""> line utilities are deprecated. Not merging it will leave them flagged</div></div></div><div class=""><div class=""><div class=""> as deprecated.</div></div></div><div class=""><div class=""><div class="">Proposed by: Paul Dale</div></div></div><div class=""><div class=""><div class="">Public: yes</div></div></div><div class=""><div class=""><div class="">opened: 2020-05-08</div></div></div></blockquote><div class=""><div class=""><br class=""></div><div class="">Ideally we’ll have a decision in time for the next 3.0 alpha release.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">The crux of the matter is that a number of the command line utilities are flagged as deprecated currently:</div><div class=""><ul class=""><li class=""><font face="Courier New" class="">dhparam</font></li><li class=""><font face="Courier New" class="">dsa</font></li><li class=""><font face="Courier New" class="">dsaparam</font></li><li class=""><font face="Courier New" class="">ec</font></li><li class=""><font face="Courier New" class="">ecparam</font></li><li class=""><font face="Courier New" class="">agendas</font></li><li class=""><font face="Courier New" class="">rsa</font></li></ul></div><div class="">These commands are not being removed in 3.0, instead they’ve been rewritten to use the PKEY APIs instead of the low level APIs as far as possible.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">The reasons for keeping them are:</div><div class=""><ul class=""><li class="">they are easier to use than the pkey replacements</li><li class="">a web search will likely result in thees commands not the pkey replacements.</li></ul></div><div class=""><br class=""></div><div class="">The reason for removing them is one of maintenance: having duplicate commands means having to make changes in two places and this has been missed in the past and will be in the future.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Other random notes:</div><div class=""><ul class=""><li class="">Deprecation of these commands does not mandate that they are removed at the first opportunity. It only indicates that we want to move away from them.</li><li class="">Rewriting these commands so that they call the pkey replacements looks to be very difficult. Reproducing the exact behaviours will be challenging, although the basic functionality would be straightforward.</li><li class="">The <font face="Courier New" class="">rsautl</font> command is deprecated and isn’t slated for being restored — <font face="Courier New" class="">pkeyutl</font> is every bit as easy to use.</li><li class="">The <font face="Courier New" class="">-dsaparam</font> option to <font face="Courier New" class="">dhparam</font> is deprecated — it cannot be supported without direct access to low level functionality we want to remove.</li><li class="">Post quantum crypto will make the discussion obsolete — none of these algorithms are useful in a quantum computer world.</li></ul></div><div class=""><br class=""></div><div class=""><div class="">My personal opinion is that these commands are good being deprecated but that we should not remove them until their usefulness is at an end. This will likely mean not removing them after five years of deprecation. It would mean removing them once quantum computers are shown to be effective. Without deprecation now, we can’t remove them until a lot later.</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Pauli<br class=""><div class="">
<div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">-- <br class="">Dr Paul Dale | Distinguished Architect | Cryptographic Foundations <br class="">Phone +61 7 3031 7217<br class="">Oracle Australia</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><br class=""></div><br class="Apple-interchange-newline"></div><br class="Apple-interchange-newline">
</div>
<br class=""></div></div></body></html>