Hi again,
Note: I've created a wiki page [1] to summarize and consolidate the results of the discussions that will be happening here about Mbed TLS 3.0.
[1]: https://developer.trustedfirmware.org/w/mbed-tls/tech-plans-3.0/
I also wanted to note that the current goals, as announced yesterday, contain some changes compared to what had been announced nearly one year ago [2], so I'd like to briefly recap what changed and what didn't.
[2]: https://tls.mbed.org/tech-updates/blog/working-towards-mbed-tls-3
Preparing a future based on PSA Crypto
--------------------------------------
We remain committed to that, but are now taking a different route towards that goal. Initially we started to split Mbed Crypto out of Mbed TLS, which was not the clean split between PSA Crypto and TLS/X.509 that we want in the long run, so the plan was to evolve towards that. With the experience gained, we now think it's easier to evolve things in one place, so we merged back mbed-crypto into the mbedtls repo (see [3]), and still plan on making PSA Crypto its own product, but only when we're ready to make that split cleanly.
[3]: https://github.com/ARMmbed/mbedtls/issues/3064
Also, we initially hinted that the long-standing `mbedtls_` crypto APIs would be removed in Mbed TLS 3.0 (superseded by the PSA Crypto APIs). We're now considering a more gradual and hopefully more realistic transition where Mbed TLS 3.0 continues to offer some of those APIs for compatibility with existing code-bases, and they would only be actually removed in Mbed TLS 4.0.
TLS 1.3 and message processing rework
-------------------------------------
This is still not part of a realistic roadmap for Mbed TLS 3.0, but still close to our hearts for the future.
Switching to a new licensing and contribution model
---------------------------------------------------
This has been done already. The development branch now uses Apache 2.0 only, while the LTS branches are still dual-licensed Apache/GPL2. We moved away from a CLA and closer to an inbound == outbound model (not quite == yet because of the differences between development and LTS branches), see [4].
[4]: https://github.com/ARMmbed/mbedtls/issues/3054
Opening up the governance of the project
----------------------------------------
This also happened already. Mbed TLS is now under open governance as part of the trustedfirmware.org structure.
As a consequence of this move, Mbed TLS is now more focused on building and maintaining a healthy community of users, contributors and maintainers.
Again, I hope that was clear and feel free to ask if you have any question or remark. I'll follow up by starting threads on more specific items.
Regards,
Manuel.
mbed-tls@lists.trustedfirmware.org