Yeah, Foolscap still works without OpenSSL, albeit with limited functionality. You can only use UnauthenticatedTub, not the regular Tub, which means you don't get secure connections. But all the usual message serialization, etc, still works normally.
We've considered making OpenSSL mandatory (see #67), but haven't yet committed to that. In the meantime, with the recent discussion on #174, we've decided to have applications which want secure connections declare their own dependency on OpenSSL, rather than attempt to use setuptools and it's somewhat-buggy "extras_require" feature to conditionally express this dependency.
So, I guess I'll close this as an INVALID (meaning "it's supposed to work that way"), but we might change our mind if/when #67 gets resolved.
