[openssl-users] Authentication over ECDHE

[jvp]

kudos, matt milosevic. you have not complicated matters but rightly
reminded us of the need for civility and the benefits that accrue from
such an approach in opposition to merely railing while offering little
in the way of a path towards problem resolution. also, appreciation to
richard levitte for his balanced response and patience when many would
have none. one would also hope — as you two and others have suggested —
that everyone understands that the best channel of outlet for someone
"fired-up" over something leads to actually contributing what it takes
to make the fix.

it can be said in different ways amongst all languages, but one's own
value boils down to 'words are cheap and deeds are dear'. while
probably not exactly the watch-words of this news-letter, they
certainly represent the mindset of the many, many highly-competent
contributors whose goal is to make openssl the best crypto
application/library available. not to be forgotten are the many firms
that contribute funds and/or their employee's time on the project as
well as the contributions of funds by individuals.

there is no question that soft-ware that is encumbered with a dual
responsibility for simultaneously affording continuity and adopting
innovation will suffer from bloat. while coders are intent on patching
what is amiss and making new things work, paring back the old often
takes a back seat and openssl fits this mold. moreover, documentation
has been a problem since the "programming" of NCR machine wiring in the
1930's. additionally, i think it is safe to say than no piece of
soft-ware has ever been cited as "over documented". openssl's
stream-lining and documentation will improve, but there are bound to be
those unhappy with the time-line.

i am from the sysadmin side and feel deeply indebted to the wealth of
effort put forth by so many to make openssl what it is today and will
be tomorrow. 


-- 
Thank you,

Johann