Ben Laurie wrote: > I'd note that most of the work of supporting these things has to be > done in OpenSSL, and unlike Apache, OpenSSL does not have a large > funded development community. > > Expecting volunteers to rush to implement every cute TLS feature is > asking a lot. The way to make this happen is to find money for OpenSSL > development.
Ben: I am very well aware that compared to the applications that use OpenSSL, those working on OpenSSL find it next to impossible to obtain contributions to support their efforts. Individuals and small businesses are not going to write a check for OpenSSL (or an OpenSSL contributor) to develop this code. That's not how people think. Instead someone will write a check to Apache to implement support for said feature because they want it in their web server. The Apache folks will respond with (a) once OpenSSL gives it to us we will have it so don't worry about it; and (b) it won't do you any good anyway because the browsers, webdav clients, etc. don't implement it. We are therefore left with a serious catch-22. The only way that we can get functionality like this implemented is to first obtain agreement from the client and server vendors. Only then might it become reasonable to expect end users to step up with funding. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
