From owner-freebsd-current Sun Jun 18 02:49:12 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id CAA08749 for current-outgoing; Sun, 18 Jun 1995 02:49:12 -0700 Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.34]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id CAA08743 for ; Sun, 18 Jun 1995 02:49:06 -0700 Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id TAA22668; Sun, 18 Jun 1995 19:46:25 +1000 Date: Sun, 18 Jun 1995 19:46:25 +1000 From: Bruce Evans Message-Id: <199506180946.TAA22668@godzilla.zeta.org.au> To: hsu@clinet.fi Subject: Re: kern/528: interrupt-level buffer overflows Cc: current@freebsd.org Sender: current-owner@freebsd.org Precedence: bulk > Kernel spits out lot of these >Jun 18 05:14:47 pommi /kernel: sio1: 119 more interrupt-level buffer over >flows (total 3642) >Jun 18 05:14:47 pommi /kernel: sio1: 119 more interrupt-level buffer overflows ( >total 3642) For this to happen, softclock() must sometimes be delayed for a long time several clock ticks (about 3 clock ticks for 119 characters at 38400 bps and about (256 - 38) / 38 clock ticks for filling up the 256 character buffer before that. > It also very easily reboots when lots of PPP load exits. I don't know what causes that. > Low tcp performance hints that it is loosing lots of data. All the data reported in the buffer overflow messages is lost. >>Fix: > > I think this feature has already been discussed; grepping > 'interrupt-level' from FAQ's didn't help. If this is a feature > which can be worked around, this might be a doc-bug? However, I Use hardware handshaking. > find it curous how a 386-16 could be too slow to respond for a 38400 > bps link? I've heard that some systems 20 times as fast as a 386/16 are too slow for a 38400 bps link. Bruce From owner-freebsd-current Sun Jun 18 07:50:18 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id HAA14685 for current-outgoing; Sun, 18 Jun 1995 07:50:18 -0700 Received: from hutcs.cs.hut.fi (hutcs.cs.hut.fi [130.233.192.2]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id HAA14679 for ; Sun, 18 Jun 1995 07:50:15 -0700 Received: from shadows.cs.hut.fi by hutcs.cs.hut.fi with SMTP id AA04357 (5.65c8/HUTCS-S 1.4 for ); Sun, 18 Jun 1995 17:49:40 +0300 From: Heikki Suonsivu Received: (hsu@localhost) by shadows.cs.hut.fi (8.6.10/8.6.10) id RAA15079; Sun, 18 Jun 1995 17:49:49 +0300 Date: Sun, 18 Jun 1995 17:49:49 +0300 Message-Id: <199506181449.RAA15079@shadows.cs.hut.fi> To: "Jordan K. Hubbard" Cc: freebsd-current@freefall.cdrom.com In-Reply-To: "Jordan K. Hubbard"'s message of 13 Jun 1995 14:15:32 +0300 Subject: Re: GENERIC kernel & some basic UNIX pointers Organization: Helsinki University of Technology, Otaniemi, Finland Sender: current-owner@FreeBSD.ORG Precedence: bulk predictor-1 compression is so far superior to what's provided by pppd that I can't see any reason to use anything else now. How can it be configured at the server side? The manual page would need more examples and information? -- Heikki Suonsivu, T{ysikuu 10 C 83/02210 Espoo/FINLAND, hsu@cs.hut.fi home +358-0-8031121 work -4513377 fax -4555276 riippu SN From owner-freebsd-current Sun Jun 18 08:11:53 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA15277 for current-outgoing; Sun, 18 Jun 1995 08:11:53 -0700 Received: from asstdc.scgt.oz.au (root@asstdc.scgt.oz.au [202.14.234.65]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id IAA15269 for ; Sun, 18 Jun 1995 08:11:19 -0700 Received: (from imb@localhost) by asstdc.scgt.oz.au (8.6.12/BSD4.4) id BAA16697 for freebsd-current@freebsd.org; Mon, 19 Jun 1995 01:10:57 +1000 From: michael butler Message-Id: <199506181510.BAA16697@asstdc.scgt.oz.au> Subject: Re: GENERIC kernel & some basic UNIX pointers (fwd) To: freebsd-current@freebsd.org Date: Mon, 19 Jun 1995 01:10:56 +1000 (EST) X-Mailer: ELM [version 2.4 PL24beta] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 790 Sender: current-owner@freebsd.org Precedence: bulk Jordan K. Hubbard writes: > predictor-1 compression is so far superior to what's provided by > pppd that I can't see any reason to use anything else now. One reason that it can't be used in some instances is that it currently provides no mechanism (that I've found) with which to disable ip-address negotiation. Specific examples which will always fail are connections to a box running any KA9Q variant (there are lots) and a Telebit NetBlazer. The latter component that this machine talks to is configured to reject any negotiation .. I do not know if that can be changed. In both instances, the user-mode ppp apparently decides that it can't confirm the address used by the other end and drops the connection on the floor. In contrast, "pppd -ip .." works every time, michael From owner-freebsd-current Sun Jun 18 08:49:14 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA16604 for current-outgoing; Sun, 18 Jun 1995 08:49:14 -0700 Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.34]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id IAA16595 ; Sun, 18 Jun 1995 08:49:09 -0700 Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id BAA00010; Mon, 19 Jun 1995 01:46:09 +1000 Date: Mon, 19 Jun 1995 01:46:09 +1000 From: Bruce Evans Message-Id: <199506181546.BAA00010@godzilla.zeta.org.au> To: hsu@cs.hut.fi, jkh@FreeBSD.ORG Subject: Re: GENERIC kernel & some basic UNIX pointers Cc: freebsd-current@freefall.cdrom.com Sender: current-owner@FreeBSD.ORG Precedence: bulk > predictor-1 compression is so far superior to what's provided by > pppd that I can't see any reason to use anything else now. >How can it be configured at the server side? The manual page would need >more examples and information? It's hard to avoid when ppp is serving itself. The man page says to tuen it off using `deny pred' and `disable pred' but the `pred' option is silently ignored - the correct option is `pred1'. I suppose you get by default if the server supports it and doesn't deny it. Bruce From owner-freebsd-current Sun Jun 18 09:01:28 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id JAA17314 for current-outgoing; Sun, 18 Jun 1995 09:01:28 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id JAA17307 ; Sun, 18 Jun 1995 09:01:15 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id SAA28242; Sun, 18 Jun 1995 18:00:58 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id SAA24683; Sun, 18 Jun 1995 18:00:49 +0200 Message-Id: <199506181600.SAA24683@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: rgrimes@gndrsh.aac.dev.com, Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org Subject: Crypto code - an architectural proposal. Date: Sun, 18 Jun 1995 18:00:48 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk Hi folks OK - through a conversation with Rod I have pretty much decided not to merge eBones with secure, as it is clear the two are separate. What I would like to do is remove the DES library (libdes.*) from eBones/des and put it in secure/lib/libdes, where I believe it belongs. Included in the new DES code that I have (and in the old BTW) is fcrypt.c, which is a faster (2-3 times) replacement for the DES-based crypt(3) we are currently using. I would like to include this fcrypt.c in libdes to reduce the number of libraries produced. Secure telnet and other bits of code will benefit from this move/merge. What say you? Not being much of a boffin with shared libs, I need to know one thing; Is there going to be a problem if the MD5 shareable libcrypt has a different number of (what do you call them?) 'entry points' to what the new libdes will have? What say you(2)? M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Sun Jun 18 09:31:12 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id JAA18368 for current-outgoing; Sun, 18 Jun 1995 09:31:12 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id JAA18361 ; Sun, 18 Jun 1995 09:30:55 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id SAA28271; Sun, 18 Jun 1995 18:30:40 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id SAA24862; Sun, 18 Jun 1995 18:30:39 +0200 Message-Id: <199506181630.SAA24862@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: roberto@blaise.ibp.fr (Ollivier Robert) cc: mark@grondar.za (Mark Murray), jkh@freebsd.org, current@freebsd.org Subject: Re: DES, crypt and eBones Date: Sun, 18 Jun 1995 18:30:38 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk > > Any chances of a copy of _that_ code? Also, are you likely to get in the > > Officially not yet. AFAIK it is still beta code and only the beta testers > are allowed to have it. It was announced at Usenix a few weeks ago. We're > still waiting for it to come out of beta. There was talk about a second > beta but no news from the authors yet. > > > muck if you test code on _another_ machine? Mine for example? :-) :-) :-) > > That could be arranged if you agree not to distribute the code. I would be happy to do _that_ too, (Very happy!), but what I more had in mind, as you are not allowed to possess crypt code, was for you to maybe hammer the crypto stuff on my machine. Would that land you in the mess? Would you be agreeable? > It is not yet telnet compatible (i.e. it requires a port for itself, > the protocol is incompatible) but it has strong points (Diffie-Hellman > key exchange with optional mutual authentification, DES/TDES and IDEA > support, "rsh"-style mode with command execution on the remote host, > preservation of $DISPLAY, SecurID/S-key/password authentification -- > no clear-text password,...). > > It even has a built-in S-key calculator... OOOH! sounds good! . M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Sun Jun 18 10:45:15 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id KAA22643 for current-outgoing; Sun, 18 Jun 1995 10:45:15 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id KAA22637 ; Sun, 18 Jun 1995 10:45:02 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id TAA28334; Sun, 18 Jun 1995 19:44:39 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id TAA25238; Sun, 18 Jun 1995 19:44:39 +0200 Message-Id: <199506181744.TAA25238@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: rgrimes@gndrsh.aac.dev.com, gibbs@freefall.cdrom.com, Wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org Subject: Crypto mods and a stoopid question... Date: Sun, 18 Jun 1995 19:44:38 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk Hi I am messing around with the DES library as though I will toss it into src/secure/lib/libdes, replacing libcipher and libcrypt. I need some guidance. At the moment des.h is put into /usr/include/kerberosIV, which is a bit dumb as it is useful to more than kerberos. Is it OK to put this in /usr/include, or should it go into kerberosIV regardless? What are the standards? Garrett? Now. Time for the _stoopid_ question. I have the docs, and I've printed the FAQ, but I cant find what needs to be put in the "$Id:..." line on newly imported sources. This could well be because I'm dumb, but I'm going mad trying to find it. Please just tell me which FM I ought to read and I'll back off. Rod? -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Sun Jun 18 10:53:34 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id KAA23067 for current-outgoing; Sun, 18 Jun 1995 10:53:34 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id KAA23059 ; Sun, 18 Jun 1995 10:53:31 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id KAA01986; Sun, 18 Jun 1995 10:53:15 -0700 From: "Rodney W. Grimes" Message-Id: <199506181753.KAA01986@gndrsh.aac.dev.com> Subject: Re: Crypto code - an architectural proposal. To: mark@grondar.za (Mark Murray) Date: Sun, 18 Jun 1995 10:53:15 -0700 (PDT) Cc: Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org In-Reply-To: <199506181600.SAA24683@grumble.grondar.za> from "Mark Murray" at Jun 18, 95 06:00:48 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 1724 Sender: current-owner@freebsd.org Precedence: bulk > > Hi folks > > OK - through a conversation with Rod I have pretty much decided not > to merge eBones with secure, as it is clear the two are separate. > > What I would like to do is remove the DES library (libdes.*) from > eBones/des and put it in secure/lib/libdes, where I believe it belongs. You don't state your reasons for believing this is where it belongs :-(. And I know have another big problem with the code in there.. it is GPL'ed and not in the gnu subdirectory :-(. [Read copyright on fcrypt.c, went and read eBones/docs.original/README :-(. Also does this code come with eBones? Should this could be maintained on a vendor branch? > Included in the new DES code that I have (and in the old BTW) is > fcrypt.c, which is a faster (2-3 times) replacement for the DES-based > crypt(3) we are currently using. I would like to include this fcrypt.c > in libdes to reduce the number of libraries produced. That would make libdes GPL'ed. Sorry, I can't go for that... > Secure telnet and other bits of code will benefit from this move/merge. Makeing telnet and other bits of code GPL'ed :-(. > What say you? Stop the GPV (Gnu Public Virus or something like that) :-( > Not being much of a boffin with shared libs, I need to know one thing; > Is there going to be a problem if the MD5 shareable libcrypt has a > different number of (what do you call them?) 'entry points' to what > the new libdes will have? > > What say you(2)? > > M > > -- > Mark Murray > 46 Harvey Rd, Claremont, Cape Town 7700, South Africa > +27 21 61-3768 GMT+0200 > -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD From owner-freebsd-current Sun Jun 18 10:57:13 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id KAA23331 for current-outgoing; Sun, 18 Jun 1995 10:57:13 -0700 Received: from localhost.cdrom.com (localhost.cdrom.com [127.0.0.1]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id KAA23321 ; Sun, 18 Jun 1995 10:57:11 -0700 Message-Id: <199506181757.KAA23321@freefall.cdrom.com> X-Authentication-Warning: freefall.cdrom.com: Host localhost.cdrom.com didn't use HELO protocol To: Mark Murray cc: rgrimes@gndrsh.aac.dev.com, Wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org Subject: Re: Crypto mods and a stoopid question... In-reply-to: Your message of "Sun, 18 Jun 95 19:44:38 +0200." <199506181744.TAA25238@grumble.grondar.za> Date: Sun, 18 Jun 1995 10:57:11 -0700 From: "Justin T. Gibbs" Sender: current-owner@freebsd.org Precedence: bulk >Hi > >I am messing around with the DES library as though I will toss it into >src/secure/lib/libdes, replacing libcipher and libcrypt. I need some >guidance. At the moment des.h is put into /usr/include/kerberosIV, which >is a bit dumb as it is useful to more than kerberos. Is it OK to put this >in /usr/include, or should it go into kerberosIV regardless? What are >the standards? Garrett? > >Now. Time for the _stoopid_ question. I have the docs, and I've printed >the FAQ, but I cant find what needs to be put in the "$Id:..." line on >newly imported sources. This could well be because I'm dumb, but I'm >going mad trying to find it. Please just tell me which FM I ought to >read and I'll back off. Rod? > >-- >Mark Murray >46 Harvey Rd, Claremont, Cape Town 7700, South Africa >+27 21 61-3768 GMT+0200 Just put in $Id$. CVS will do the rest, automagically. -- Justin T. Gibbs =========================================== Software Developer - Walnut Creek CDROM FreeBSD: Turning PCs into workstations =========================================== From owner-freebsd-current Sun Jun 18 11:01:18 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA23665 for current-outgoing; Sun, 18 Jun 1995 11:01:18 -0700 Received: from localhost.cdrom.com (localhost.cdrom.com [127.0.0.1]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id LAA23654 ; Sun, 18 Jun 1995 11:01:17 -0700 Message-Id: <199506181801.LAA23654@freefall.cdrom.com> X-Authentication-Warning: freefall.cdrom.com: Host localhost.cdrom.com didn't use HELO protocol To: "Rodney W. Grimes" cc: mark@grondar.za (Mark Murray), Wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org Subject: Re: Crypto code - an architectural proposal. In-reply-to: Your message of "Sun, 18 Jun 95 10:53:15 PDT." <199506181753.KAA01986@gndrsh.aac.dev.com> Date: Sun, 18 Jun 1995 11:01:16 -0700 From: "Justin T. Gibbs" Sender: current-owner@freebsd.org Precedence: bulk >Stop the GPV (Gnu Public Virus or something like that) :-( > Has anyone approached the original author on this? Lets postpone our decision for a few days until we can contact him/her. I'd much rather try to get the GPL removed from this code than simply push it off to another portion of the tree. >-- >Rod Grimes rgrimes@gndrsh.aac.dev.com >Accurate Automation Company Custom computers for FreeBSD -- Justin T. Gibbs =========================================== Software Developer - Walnut Creek CDROM FreeBSD: Turning PCs into workstations =========================================== From owner-freebsd-current Sun Jun 18 11:04:33 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA23948 for current-outgoing; Sun, 18 Jun 1995 11:04:33 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA23935 ; Sun, 18 Jun 1995 11:04:31 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id LAA02048; Sun, 18 Jun 1995 11:04:44 -0700 From: "Rodney W. Grimes" Message-Id: <199506181804.LAA02048@gndrsh.aac.dev.com> Subject: Re: Crypto mods and a stoopid question... To: gibbs@freefall.cdrom.com (Justin T. Gibbs) Date: Sun, 18 Jun 1995 11:04:43 -0700 (PDT) Cc: mark@grondar.za, Wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org In-Reply-To: <199506181757.KAA23321@freefall.cdrom.com> from "Justin T. Gibbs" at Jun 18, 95 10:57:11 am X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 1056 Sender: current-owner@freebsd.org Precedence: bulk > > >Hi > > > >I am messing around with the DES library as though I will toss it into > >src/secure/lib/libdes, replacing libcipher and libcrypt. I need some > >guidance. At the moment des.h is put into /usr/include/kerberosIV, which > >is a bit dumb as it is useful to more than kerberos. Is it OK to put this > >in /usr/include, or should it go into kerberosIV regardless? What are > >the standards? Garrett? > > > >Now. Time for the _stoopid_ question. I have the docs, and I've printed > >the FAQ, but I cant find what needs to be put in the "$Id:..." line on > >newly imported sources. This could well be because I'm dumb, but I'm > >going mad trying to find it. Please just tell me which FM I ought to > >read and I'll back off. Rod? As Justain said just use the value $Id$, it is some place in the rcs docs. > Just put in $Id$. CVS will do the rest, automagically. > -- > Justin T. Gibbs -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD From owner-freebsd-current Sun Jun 18 11:22:31 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA24857 for current-outgoing; Sun, 18 Jun 1995 11:22:31 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA24845 ; Sun, 18 Jun 1995 11:22:18 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id UAA28393; Sun, 18 Jun 1995 20:21:36 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id UAA25378; Sun, 18 Jun 1995 20:21:34 +0200 Message-Id: <199506181821.UAA25378@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: "Rodney W. Grimes" cc: mark@grondar.za (Mark Murray), Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org Subject: Re: Crypto code - an architectural proposal. Date: Sun, 18 Jun 1995 20:21:33 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk > > What I would like to do is remove the DES library (libdes.*) from > > eBones/des and put it in secure/lib/libdes, where I believe it belongs. > > You don't state your reasons for believing this is where it belongs :-(. Right. The DES library is of use to more than just eBones. I have a des(1) that is a Sun-compatible DES-encrypter as well as an encrypting telnet that uses this. > And I know have another big problem with the code in there.. it is > GPL'ed and not in the gnu subdirectory :-(. [Read copyright on fcrypt.c, > went and read eBones/docs.original/README :-(. WHOAH! The Eric Young code I have is specifically _not_ GPL'ed. He has a very permissive licence that only really prohibits relicensing. This includes fcrypt.c. I'll tack a copy of his license to the end of this. (Also in the README you mention, the GPL is optional. The `artistic' license is the other option and that is pretty cool.) > Also does this code come with eBones? Should this could be maintained > on a vendor branch? No. It was built to be US-DES compliant, but I got it as a separate library including other bits and pieces (some of which may get you guys in trouble like RSA) of crypto code. Geoff Rehmet put it into eBones as at that time that was the only code which used it. A vendor branch _may_ be a good idea, but I had to do some slash-and-burn to make it look like BSD code. (Only to the directory structure, I have not touched a single *.[ch] file). I am not 100% sure of the issues here, so I will follow your guidance. > > Included in the new DES code that I have (and in the old BTW) is > > fcrypt.c, which is a faster (2-3 times) replacement for the DES-based > > crypt(3) we are currently using. I would like to include this fcrypt.c > > in libdes to reduce the number of libraries produced. > > That would make libdes GPL'ed. Sorry, I can't go for that... Nope. See above. This is Eric Young code. > > Secure telnet and other bits of code will benefit from this move/merge. > > Makeing telnet and other bits of code GPL'ed :-(. > > > What say you? > > Stop the GPV (Gnu Public Virus or something like that) :-( :-) Here is Eric's copyright - which applies to all code I want to import: ------------------------------8<--------------------------------------- Copyright (C) 1995 Eric Young (eay@mincom.oz.au) All rights reserved. This package is an DES implementation written by Eric Young (eay@mincom.oz.au). The implementation was written so as to conform with MIT's libdes. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution. Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of that the SSL library. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Eric Young (eay@mincom.oz.au) THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The license and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distrubution license [including the GNU Public License.] The reason behind this being stated in this direct manner is past experience in code simply being copied and the attribution removed from it and then being distributed as part of other packages. This implementation was a non-trivial and unpaid effort. ------------------------------8<--------------------------------------- M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Sun Jun 18 11:23:44 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA24963 for current-outgoing; Sun, 18 Jun 1995 11:23:44 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA24955 ; Sun, 18 Jun 1995 11:23:33 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id UAA28399; Sun, 18 Jun 1995 20:23:25 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id UAA25416; Sun, 18 Jun 1995 20:23:25 +0200 Message-Id: <199506181823.UAA25416@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: "Justin T. Gibbs" , current@freebsd.org Subject: Re: Crypto mods and a stoopid question... Date: Sun, 18 Jun 1995 20:23:24 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk > >Now. Time for the _stoopid_ question. I have the docs, and I've printed > >the FAQ, but I cant find what needs to be put in the "$Id:..." line on > >newly imported sources. This could well be because I'm dumb, but I'm > >going mad trying to find it. Please just tell me which FM I ought to > >read and I'll back off. Rod? > > Just put in $Id$. CVS will do the rest, automagically. Ta! M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Sun Jun 18 11:25:35 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA25170 for current-outgoing; Sun, 18 Jun 1995 11:25:35 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA25119 ; Sun, 18 Jun 1995 11:25:10 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id UAA28408; Sun, 18 Jun 1995 20:24:58 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id UAA25442; Sun, 18 Jun 1995 20:24:57 +0200 Message-Id: <199506181824.UAA25442@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: "Justin T. Gibbs" cc: "Rodney W. Grimes" , mark@grondar.za (Mark Murray), Wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org Subject: Re: Crypto code - an architectural proposal. Date: Sun, 18 Jun 1995 20:24:57 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk > Has anyone approached the original author on this? Lets postpone our > decision for a few days until we can contact him/her. I'd much rather > try to get the GPL removed from this code than simply push it off to > another portion of the tree. Yes, Me. He has rewritten his license. Want a copy? (Its _much_ better.) M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Sun Jun 18 12:07:46 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA27359 for current-outgoing; Sun, 18 Jun 1995 12:07:46 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id MAA27351 for ; Sun, 18 Jun 1995 12:07:43 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id MAA02177; Sun, 18 Jun 1995 12:07:20 -0700 From: "Rodney W. Grimes" Message-Id: <199506181907.MAA02177@gndrsh.aac.dev.com> Subject: Re: Crypto code - an architectural proposal. To: mark@grondar.za (Mark Murray) Date: Sun, 18 Jun 1995 12:07:20 -0700 (PDT) Cc: FreeBSD-current@FreeBSD.Org (FreeBSD current) In-Reply-To: <199506181821.UAA25378@grumble.grondar.za> from "Mark Murray" at Jun 18, 95 08:21:33 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 7683 Sender: current-owner@FreeBSD.Org Precedence: bulk [CC: set to -current, we are all on there or had better be!!!] > > > > What I would like to do is remove the DES library (libdes.*) from > > > eBones/des and put it in secure/lib/libdes, where I believe it belongs. > > > > You don't state your reasons for believing this is where it belongs :-(. > > Right. The DES library is of use to more than just eBones. I have > a des(1) that is a Sun-compatible DES-encrypter as well as an encrypting > telnet that uses this. Do you know about the BSD supplied bdes(1) command. I see no need to duplicate that functionality with a des(1). Libdes was originaly part of Kerberos on the 4.4 tape and that is why it probably ended up in eBones where it did. I can see that libdes can be used by much more than eBones, so it would be okay with me to bring in this new libdes into src/secure and place the old one in the Attic. > > And I know have another big problem with the code in there.. it is > > GPL'ed and not in the gnu subdirectory :-(. [Read copyright on fcrypt.c, > > went and read eBones/docs.original/README :-(. > > WHOAH! The Eric Young code I have is specifically _not_ GPL'ed. He has > a very permissive licence that only really prohibits relicensing. This > includes fcrypt.c. I'll tack a copy of his license to the end of this. > (Also in the README you mention, the GPL is optional. The `artistic' > license is the other option and that is pretty cool.) I am not sure of the legal stance of saying ``This program is free software; you can redistribute it and/or modify it under the terms of either:'' and then having one of them be the GPL which says: These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. I would have to consult an attorney on that... Now if Eric Young has provided a copy of this without mention of the GPL any place in it GREAT!!! And thank him for stomping out one copy of the GPV. > > Also does this code come with eBones? Should this could be maintained > > on a vendor branch? > > No. It was built to be US-DES compliant, but I got it as a separate > library including other bits and pieces (some of which may get you guys in > trouble like RSA) of crypto code. Geoff Rehmet put it into eBones as at > that time that was the only code which used it. Please be very carefull on pulling bits and pieces from packages, legalize can come back to haunt us. > A vendor branch _may_ be a good idea, but I had to do some slash-and-burn > to make it look like BSD code. (Only to the directory structure, I have > not touched a single *.[ch] file). I am not 100% sure of the issues here, > so I will follow your guidance. A) Is Eric Young maintaining this code and B) Do you think he will ever release a newer version of it. If either A or B is true we should probably do it on a vendor branch. > > > Included in the new DES code that I have (and in the old BTW) is > > > fcrypt.c, which is a faster (2-3 times) replacement for the DES-based > > > crypt(3) we are currently using. I would like to include this fcrypt.c > > > in libdes to reduce the number of libraries produced. > > > > That would make libdes GPL'ed. Sorry, I can't go for that... > > Nope. See above. This is Eric Young code. I see your copyright below, that looks like the README I just looked at with the first 10 or so lines trimmed off of it. As I state above unless the GPL has been removed from all parts of him distribution IMHO, but not legally expert opinion, it is still GPL'ed code. > > > Secure telnet and other bits of code will benefit from this move/merge. > > > > Makeing telnet and other bits of code GPL'ed :-(. > > > > > What say you? > > > > Stop the GPV (Gnu Public Virus or something like that) :-( > > :-) > Here is Eric's copyright - which applies to all code I want to import: See above... Also a note you might send to Eric, saying ``see file blah blah'' for a copyright is not a very good idea. That is why UCB put the copyright in every single file. > > ------------------------------8<--------------------------------------- > Copyright (C) 1995 Eric Young (eay@mincom.oz.au) > All rights reserved. > > This package is an DES implementation written by Eric Young (eay@mincom.oz.au). > The implementation was written so as to conform with MIT's libdes. > > This library is free for commercial and non-commercial use as long as > the following conditions are aheared to. The following conditions > apply to all code found in this distribution. > > Copyright remains Eric Young's, and as such any Copyright notices in > the code are not to be removed. > If this package is used in a product, Eric Young should be given attribution > as the author of that the SSL library. This can be in the form of a textual > message at program startup or in documentation (online or textual) provided > with the package. > > Redistribution and use in source and binary forms, with or without > modification, are permitted provided that the following conditions > are met: > 1. Redistributions of source code must retain the copyright > notice, this list of conditions and the following disclaimer. > 2. Redistributions in binary form must reproduce the above copyright > notice, this list of conditions and the following disclaimer in the > documentation and/or other materials provided with the distribution. > 3. All advertising materials mentioning features or use of this software > must display the following acknowledgement: > This product includes software developed by Eric Young (eay@mincom.oz.au) > > THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND > ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE > IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE > ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE > FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL > DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS > OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) > HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT > LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY > OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF > SUCH DAMAGE. > > The license and distribution terms for any publically available version or > derivative of this code cannot be changed. i.e. this code cannot simply be > copied and put under another distrubution license > [including the GNU Public License.] > > The reason behind this being stated in this direct manner is past > experience in code simply being copied and the attribution removed > from it and then being distributed as part of other packages. This > implementation was a non-trivial and unpaid effort. > ------------------------------8<--------------------------------------- > > M > -- > Mark Murray > 46 Harvey Rd, Claremont, Cape Town 7700, South Africa > +27 21 61-3768 GMT+0200 > -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD From owner-freebsd-current Sun Jun 18 12:30:15 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA28309 for current-outgoing; Sun, 18 Jun 1995 12:30:15 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id MAA28301 for ; Sun, 18 Jun 1995 12:30:03 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id VAA28490; Sun, 18 Jun 1995 21:29:49 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id VAA25662; Sun, 18 Jun 1995 21:29:49 +0200 Message-Id: <199506181929.VAA25662@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: "Rodney W. Grimes" cc: mark@grondar.za (Mark Murray), FreeBSD-current@FreeBSD.Org (FreeBSD current) Subject: Re: Crypto code - an architectural proposal. Date: Sun, 18 Jun 1995 21:29:48 +0200 From: Mark Murray Sender: current-owner@FreeBSD.Org Precedence: bulk > [CC: set to -current, we are all on there or had better be!!!] Cool... (answers a question I had forgotten to ask). > Do you know about the BSD supplied bdes(1) command. I see no need to > duplicate that functionality with a des(1). Yeah. I just found that. Bang goes des(1)... > Libdes was originaly part of Kerberos on the 4.4 tape and that is why > it probably ended up in eBones where it did. I can see that libdes can > be used by much more than eBones, so it would be okay with me to bring > in this new libdes into src/secure and place the old one in the Attic. Great! > I am not sure of the legal stance of saying ``This program is free software; > you can redistribute it and/or modify it under the terms of either:'' and > then having one of them be the GPL which says: [GPV legalese deleted] > Now if Eric Young has provided a copy of this without mention of the GPL > any place in it GREAT!!! And thank him for stomping out one copy of the > GPV. Already done... > > > Also does this code come with eBones? Should this could be maintained > > > on a vendor branch? > > > > No. It was built to be US-DES compliant, but I got it as a separate > > library including other bits and pieces (some of which may get you guys in > > trouble like RSA) of crypto code. Geoff Rehmet put it into eBones as at > > that time that was the only code which used it. > > Please be very carefull on pulling bits and pieces from packages, legalize > can come back to haunt us. Eric allows any kind of modification, as long as his name is written up. He also mentions the type of sh*t you people could get into with some of his code, so what I am doing is I think for the best. > A) Is Eric Young maintaining this code and > B) Do you think he will ever release a newer version of it. A) Yes B) Yes > If either A or B is true we should probably do it on a vendor branch. OK. I would like to drive, but could you sit in the passenger seat? Just till I get the rules of the road totally right... > I see your copyright below, that looks like the README I just looked at > with the first 10 or so lines trimmed off of it. As I state above unless > the GPL has been removed from all parts of him distribution IMHO, but not > legally expert opinion, it is still GPL'ed code. Nope. You did not read far enough... [snip snip] > > The license and distribution terms for any publically available version or > > derivative of this code cannot be changed. i.e. this code cannot simply be > > copied and put under another distrubution license > > [including the GNU Public License.] <---------------************!!!!! > > > > The reason behind this being stated in this direct manner is past > > experience in code simply being copied and the attribution removed > > from it and then being distributed as part of other packages. This > > implementation was a non-trivial and unpaid effort. M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Sun Jun 18 13:01:16 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id NAA00887 for current-outgoing; Sun, 18 Jun 1995 13:01:16 -0700 Received: from whisker.internet-eireann.ie (whisker.internet-eireann.ie [194.9.34.204]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id NAA00877 for ; Sun, 18 Jun 1995 13:01:08 -0700 Received: from localhost (localhost [127.0.0.1]) by whisker.internet-eireann.ie (8.6.11/8.6.9) with SMTP id VAA05587; Sun, 18 Jun 1995 21:00:13 +0100 X-Authentication-Warning: whisker.internet-eireann.ie: Host localhost didn't use HELO protocol To: michael butler cc: freebsd-current@freebsd.org Subject: Re: GENERIC kernel & some basic UNIX pointers (fwd) In-reply-to: Your message of "Mon, 19 Jun 1995 01:10:56 +1000." <199506181510.BAA16697@asstdc.scgt.oz.au> Date: Sun, 18 Jun 1995 21:00:12 +0100 Message-ID: <5584.803505612@whisker.internet-eireann.ie> From: "Jordan K. Hubbard" Sender: current-owner@freebsd.org Precedence: bulk > One reason that it can't be used in some instances is that it currently > provides no mechanism (that I've found) with which to disable ip-address > negotiation. Specific examples which will always fail are connections to a You should be able to do so by setting the addresses explicitly, at least according to the man page. You tried this, I assume? Jordan From owner-freebsd-current Sun Jun 18 16:59:18 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id QAA10473 for current-outgoing; Sun, 18 Jun 1995 16:59:18 -0700 Received: from clinet.fi (root@clinet.fi [193.64.6.1]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id QAA10466 for ; Sun, 18 Jun 1995 16:59:16 -0700 Received: from katiska.clinet.fi (root@katiska.clinet.fi [193.64.6.3]) by clinet.fi (8.6.10/8.6.4) with ESMTP id CAA27179; Mon, 19 Jun 1995 02:59:08 +0300 From: Heikki Suonsivu Received: (hsu@localhost) by katiska.clinet.fi (8.6.11/8.6.4) id CAA03497; Mon, 19 Jun 1995 02:59:08 +0300 Date: Mon, 19 Jun 1995 02:59:08 +0300 Message-Id: <199506182359.CAA03497@katiska.clinet.fi> To: Bruce Evans Cc: hsu@clinet.fi, current@freebsd.org Subject: Re: kern/528: interrupt-level buffer overflows In-Reply-To: <199506180946.TAA22668@godzilla.zeta.org.au> References: <199506180946.TAA22668@godzilla.zeta.org.au> Organization: Clinet Ltd, Espoo, Finland Sender: current-owner@freebsd.org Precedence: bulk Bruce Evans writes: > >Jun 18 05:14:47 pommi /kernel: sio1: 119 more interrupt-level buffer over > >flows (total 3642) > >Jun 18 05:14:47 pommi /kernel: sio1: 119 more interrupt-level buffer overflows ( > >total 3642) > For this to happen, softclock() must sometimes be delayed for a long time > several clock ticks (about 3 clock ticks for 119 characters at 38400 bps > and about (256 - 38) / 38 clock ticks for filling up the 256 character > buffer before that. > >>Fix: > Use hardware handshaking. Its a leased line, no hardware handshake. WIth decent uarts it shouldn't a problem to run even at 115k (It did work with Linux on 386/16 and FreeBSD on 486/66, about 11kbytes per second for ftp transfer). I can think of increasing the serial buffers (256 characters sounds low) and if the problem is interrupt latency, dropping the trigger level on uarts. Any ideas? > I've heard that some systems 20 times as fast as a 386/16 are too slow for > a 38400 bps link. With 16550's? Less than 300 interrupts per second? -- Heikki Suonsivu, T{ysikuu 10 C 83/02210 Espoo/FINLAND, hsu@cs.hut.fi home +358-0-8031121 work -4375209 fax -4555276 riippu SN From owner-freebsd-current Sun Jun 18 17:53:11 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id RAA12359 for current-outgoing; Sun, 18 Jun 1995 17:53:11 -0700 Received: from localhost.cdrom.com (localhost.cdrom.com [127.0.0.1]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id RAA12349 ; Sun, 18 Jun 1995 17:53:09 -0700 Message-Id: <199506190053.RAA12349@freefall.cdrom.com> X-Authentication-Warning: freefall.cdrom.com: Host localhost.cdrom.com didn't use HELO protocol To: Mark Murray cc: "Rodney W. Grimes" , Wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org Subject: Re: Crypto code - an architectural proposal. In-reply-to: Your message of "Sun, 18 Jun 95 20:24:57 +0200." <199506181824.UAA25442@grumble.grondar.za> Date: Sun, 18 Jun 1995 17:53:09 -0700 From: "Justin T. Gibbs" Sender: current-owner@freebsd.org Precedence: bulk >> Has anyone approached the original author on this? Lets postpone our >> decision for a few days until we can contact him/her. I'd much rather >> try to get the GPL removed from this code than simply push it off to >> another portion of the tree. > >Yes, Me. > >He has rewritten his license. Want a copy? (Its _much_ better.) I read the one you sent in the last message. Looks fine to me. The only remaining thing to do is ensure that the wording in the README file is clear about the GPL being "optional". >M > >-- >Mark Murray >46 Harvey Rd, Claremont, Cape Town 7700, South Africa >+27 21 61-3768 GMT+0200 -- Justin T. Gibbs =========================================== Software Developer - Walnut Creek CDROM FreeBSD: Turning PCs into workstations =========================================== From owner-freebsd-current Sun Jun 18 17:59:15 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id RAA12593 for current-outgoing; Sun, 18 Jun 1995 17:59:15 -0700 Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.34]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id RAA12580 for ; Sun, 18 Jun 1995 17:59:10 -0700 Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id KAA11834; Mon, 19 Jun 1995 10:51:08 +1000 Date: Mon, 19 Jun 1995 10:51:08 +1000 From: Bruce Evans Message-Id: <199506190051.KAA11834@godzilla.zeta.org.au> To: bde@zeta.org.au, hsu@clinet.fi Subject: Re: kern/528: interrupt-level buffer overflows Cc: current@freebsd.org Sender: current-owner@freebsd.org Precedence: bulk >Its a leased line, no hardware handshake. WIth decent uarts it shouldn't a >problem to run even at 115k (It did work with Linux on 386/16 and FreeBSD >on 486/66, about 11kbytes per second for ftp transfer). The FreeBSD driver was developed on a 386preDX/20 with an 8250. The speed was about 9.5 KB.sec for ftp. Hardware handshaking was probably required to avoid problems from transient loads. >I can think of increasing the serial buffers (256 characters sounds low) >and if the problem is interrupt latency, dropping the trigger level on >uarts. Any ideas? You would get silo overflows if the problem was in the interrupt handler. Increasing the buffer sizes would probably fix it. The tty input buffer (of size TTYHOG) must be more than twice as large as the interrupt buffer (of size RS_IBUFSIZE). > > I've heard that some systems 20 times as fast as a 386/16 are too slow for > > a 38400 bps link. >With 16550's? Less than 300 interrupts per second? Actually with 8530's (?), but it's not hard to find examples where serial interrupts would be delayed for several ms if the serial driver didn't use fast interrupts. Consider this code in syscons/update_leds(): s = spltty(); kbd_cmd(...); kbd_cmd(...); splx(s); Last time I checked, my keyboard took a ms or two to set the leds. That is the best case. If the keyboard is disconnected, then kbd_cmd() will take about 1 second to time out. Any driver that polls may cause this type of denial of service. Bruce From owner-freebsd-current Sun Jun 18 23:43:43 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id XAA29386 for current-outgoing; Sun, 18 Jun 1995 23:43:43 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id XAA29379 ; Sun, 18 Jun 1995 23:43:27 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id IAA29222; Mon, 19 Jun 1995 08:43:16 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id IAA27634; Mon, 19 Jun 1995 08:43:11 +0200 Message-Id: <199506190643.IAA27634@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: rgrimes@gndrsh.aac.dev.com, Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org Subject: Crypto moves - ome more question. Date: Mon, 19 Jun 1995 08:43:11 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk As the concensus is now that the DES library should move out of eBones and into secure, where is a decent place to put the header file(s). At the moment there is only one, des.h, and that is installed into /usr/include/kerberosIV - not a good idea anymore. Also, if I include more of Eric Young's crypto code, their headers should go in the same place. What is good? Eric's full-blown library (SSLeay) is called libcrypto. So how about /usr/include/crypto? Or just bunging it into /usr/include? M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Mon Jun 19 00:55:05 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id AAA01770 for current-outgoing; Mon, 19 Jun 1995 00:55:05 -0700 Received: from campino.informatik.rwth-aachen.de (campino.Informatik.RWTH-Aachen.DE [137.226.225.2]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id AAA01763 for ; Mon, 19 Jun 1995 00:55:01 -0700 Received: from gilberto.physik.rwth-aachen.de by campino.informatik.rwth-aachen.de (4.1/campino-7) id AA07357; Mon, 19 Jun 95 09:54:56 +0200 Received: (from kuku@localhost) by gilberto.physik.rwth-aachen.de (8.6.8/8.6.9) id KAA05218 for freebsd-current@freefall.cdrom.com; Mon, 19 Jun 1995 10:06:57 +0200 Date: Mon, 19 Jun 1995 10:06:57 +0200 From: "Christoph P. Kukulies" Message-Id: <199506190806.KAA05218@gilberto.physik.rwth-aachen.de> To: freebsd-current@freefall.cdrom.com Subject: world build fails (mklocale) Sender: current-owner@FreeBSD.org Precedence: bulk /usr/src/usr.bin/mklocale/Makefile contains LOCALES= ja_JP.EUC ru_SU.KOI8-R lt_LN.ISO_8859-1 ru_SU.CP866 ^ while the file is named lt_LN.ISO8859-1. -Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de FreeBSD blues.physik.rwth-aachen.de 2.0-BUILT-19950606 FreeBSD 2.0-BUILT-1995 0606 #0: Tue Jun 6 19:13:32 MET DST 1995 kuku@blues.physik.rwth-aachen.de :/usr/src/sys/compile/BLUESGUS i386 From owner-freebsd-current Mon Jun 19 00:58:39 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id AAA01988 for current-outgoing; Mon, 19 Jun 1995 00:58:39 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id AAA01982 ; Mon, 19 Jun 1995 00:58:36 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id AAA00671; Mon, 19 Jun 1995 00:58:00 -0700 From: "Rodney W. Grimes" Message-Id: <199506190758.AAA00671@gndrsh.aac.dev.com> Subject: Re: Crypto moves - ome more question. To: mark@grondar.za (Mark Murray) Date: Mon, 19 Jun 1995 00:58:00 -0700 (PDT) Cc: Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org In-Reply-To: <199506190643.IAA27634@grumble.grondar.za> from "Mark Murray" at Jun 19, 95 08:43:11 am X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 802 Sender: current-owner@freebsd.org Precedence: bulk > > As the concensus is now that the DES library should move out of eBones > and into secure, where is a decent place to put the header file(s). At > the moment there is only one, des.h, and that is installed into > /usr/include/kerberosIV - not a good idea anymore. Also, if I include > more of Eric Young's crypto code, their headers should go in the same > place. What is good? > > Eric's full-blown library (SSLeay) is called libcrypto. So how about > /usr/include/crypto? Or just bunging it into /usr/include? Do any of the programming standards (Posix, ANSI, XP4G, etc) say anything about where the headers for these functions belong?? -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD From owner-freebsd-current Mon Jun 19 01:17:14 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id BAA02946 for current-outgoing; Mon, 19 Jun 1995 01:17:14 -0700 Received: from campino.informatik.rwth-aachen.de (campino.Informatik.RWTH-Aachen.DE [137.226.225.2]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id BAA02937 for ; Mon, 19 Jun 1995 01:17:09 -0700 Received: from gilberto.physik.rwth-aachen.de by campino.informatik.rwth-aachen.de (4.1/campino-7) id AA07688; Mon, 19 Jun 95 10:17:01 +0200 Received: (from kuku@localhost) by gilberto.physik.rwth-aachen.de (8.6.8/8.6.9) id KAA05277 for freebsd-current@freefall.cdrom.com; Mon, 19 Jun 1995 10:29:01 +0200 Date: Mon, 19 Jun 1995 10:29:01 +0200 From: "Christoph P. Kukulies" Message-Id: <199506190829.KAA05277@gilberto.physik.rwth-aachen.de> To: freebsd-current@freefall.cdrom.com Subject: Re: world build fails (mklocale) Sender: current-owner@FreeBSD.org Precedence: bulk Sorry, must have been some quirk on my side. Yesterday I copied a -current /usr/src tree from one machine to another (NFS). This took very long since the network performance (NE2000) was terribly bad. It was so bad that I went home and left the copy job alone. I tested ftp transfers and they also only gave 20-40 KB/s (Ethernet!) while at the same time a ftp between a 1.1.5.1R and a -current DX2/66 gave 450 KB/s. Maybe for some reason the NFS job it did not finish and I was using an old src tree. Remains the question why NFS performance was so bad on this DX4/100 32 MB system. (Bus speed problems with the network card?) And the other question remaining: Were there times when /usr/src/usr.bin/mklocale/data/lt_LN.ISO_8859-1 was named lt_LN.ISO8559-1 ? -Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de FreeBSD blues.physik.rwth-aachen.de 2.0-BUILT-19950606 FreeBSD 2.0-BUILT-1995 0606 #0: Tue Jun 6 19:13:32 MET DST 1995 kuku@blues.physik.rwth-aachen.de :/usr/src/sys/compile/BLUESGUS i386 From owner-freebsd-current Mon Jun 19 01:24:44 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id BAA03268 for current-outgoing; Mon, 19 Jun 1995 01:24:44 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id BAA03255 ; Mon, 19 Jun 1995 01:24:26 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id KAA29314; Mon, 19 Jun 1995 10:24:05 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id KAA27917; Mon, 19 Jun 1995 10:24:04 +0200 Message-Id: <199506190824.KAA27917@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: "Rodney W. Grimes" cc: mark@grondar.za (Mark Murray), Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org Subject: Re: Crypto moves - ome more question. Date: Mon, 19 Jun 1995 10:24:04 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk > > Eric's full-blown library (SSLeay) is called libcrypto. So how about > > /usr/include/crypto? Or just bunging it into /usr/include? > > Do any of the programming standards (Posix, ANSI, XP4G, etc) say anything > about where the headers for these functions belong?? Dunno. I don't have any of these, so I'm not in a position to comment. (Where can I get copies, and how much?) M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Mon Jun 19 01:54:11 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id BAA04031 for current-outgoing; Mon, 19 Jun 1995 01:54:11 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id BAA04025 ; Mon, 19 Jun 1995 01:54:08 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id BAA00782; Mon, 19 Jun 1995 01:53:36 -0700 From: "Rodney W. Grimes" Message-Id: <199506190853.BAA00782@gndrsh.aac.dev.com> Subject: Re: Crypto moves - ome more question. To: mark@grondar.za (Mark Murray) Date: Mon, 19 Jun 1995 01:53:36 -0700 (PDT) Cc: mark@grondar.za, Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org In-Reply-To: <199506190824.KAA27917@grumble.grondar.za> from "Mark Murray" at Jun 19, 95 10:24:04 am X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 769 Sender: current-owner@freebsd.org Precedence: bulk > > > > Eric's full-blown library (SSLeay) is called libcrypto. So how about > > > /usr/include/crypto? Or just bunging it into /usr/include? > > > > Do any of the programming standards (Posix, ANSI, XP4G, etc) say anything > > about where the headers for these functions belong?? > > Dunno. I don't have any of these, so I'm not in a position to comment. > (Where can I get copies, and how much?) Dunno and dunno :-)... I think someone was going to get Jordan a CDROM with some of them on it. When someone posts on how to get all of these I will probably go order them as I really should have a copy here. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD From owner-freebsd-current Mon Jun 19 05:24:19 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id FAA13980 for current-outgoing; Mon, 19 Jun 1995 05:24:19 -0700 Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.34]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id FAA13974 for ; Mon, 19 Jun 1995 05:24:11 -0700 Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id WAA01179; Mon, 19 Jun 1995 22:22:07 +1000 Date: Mon, 19 Jun 1995 22:22:07 +1000 From: Bruce Evans Message-Id: <199506191222.WAA01179@godzilla.zeta.org.au> To: darrylo@sr.hp.com Subject: Re: bin/534: chmod doesn't work through symlinks Cc: current@freebsd.org Sender: current-owner@freebsd.org Precedence: bulk > File permissions cannot be changed if a file is referenced via a > symlink. You have to use the -R flag and either the -H or -L flag according to the man page (chmod.1): "Symbolic links do not have modes, so unless the -H or -L option is set, chmod on a symbolic link always succeeds and has no effect. The -H, -L options are ignored unless the -R option is specified". This differs from historical behaviour. See symlink.7 for why. Essentially, it is so that the -R, -H, -L and -P flags work the same for all commands that do tree traversals. Bruce From owner-freebsd-current Mon Jun 19 08:08:14 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA23221 for current-outgoing; Mon, 19 Jun 1995 08:08:14 -0700 Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id IAA23215 for ; Mon, 19 Jun 1995 08:08:12 -0700 Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.3.6) id AA08710; Mon, 19 Jun 1995 11:07:24 -0400 Date: Mon, 19 Jun 1995 11:07:24 -0400 From: Garrett Wollman Message-Id: <9506191507.AA08710@halloran-eldar.lcs.mit.edu> To: Mark Murray Cc: current@freebsd.org Subject: Crypto moves - ome more question. In-Reply-To: <199506190643.IAA27634@grumble.grondar.za> References: <199506190643.IAA27634@grumble.grondar.za> Sender: current-owner@freebsd.org Precedence: bulk < said: > Eric's full-blown library (SSLeay) is called libcrypto. So how about > /usr/include/crypto? Or just bunging it into /usr/include? Well, a standard MIT Kerberos build would have put des.h in /usr/local/include, so I would say that that header in particular should go in /usr/include. Any others, it depends on what (if anything) they're used for. -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant From owner-freebsd-current Mon Jun 19 08:13:23 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA23624 for current-outgoing; Mon, 19 Jun 1995 08:13:23 -0700 Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id IAA23618 for ; Mon, 19 Jun 1995 08:13:20 -0700 Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.3.6) id AA08725; Mon, 19 Jun 1995 11:12:28 -0400 Date: Mon, 19 Jun 1995 11:12:28 -0400 From: Garrett Wollman Message-Id: <9506191512.AA08725@halloran-eldar.lcs.mit.edu> To: Mark Murray Cc: current@freebsd.org Subject: Crypto code - an architectural proposal. In-Reply-To: <199506181600.SAA24683@grumble.grondar.za> References: <199506181600.SAA24683@grumble.grondar.za> Sender: current-owner@freebsd.org Precedence: bulk < said: > Included in the new DES code that I have (and in the old BTW) is > fcrypt.c, which is a faster (2-3 times) replacement for the DES-based > crypt(3) we are currently using. I would like to include this fcrypt.c > in libdes to reduce the number of libraries produced. This is a bad idea for the following reason: The current libdescrypt.so was designed specifically to ensure that it would be easy to get an export license for the binary. This is done by having the library only export one entry point, the UNIX one-way hash function crypt(). I don't want to see this broken. There are also some reasons for wishing that the system crypt() were slower as opposed to faster than it is now. Now, if you want to replace libcipher, go right ahead. -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant From owner-freebsd-current Mon Jun 19 08:33:00 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA24097 for current-outgoing; Mon, 19 Jun 1995 08:33:00 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id IAA24091 for ; Mon, 19 Jun 1995 08:32:52 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id RAA29698; Mon, 19 Jun 1995 17:32:23 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id RAA28840; Mon, 19 Jun 1995 17:32:23 +0200 Message-Id: <199506191532.RAA28840@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: Garrett Wollman cc: current@freebsd.org Subject: Re: Crypto moves - ome more question. Date: Mon, 19 Jun 1995 17:32:22 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk > Well, a standard MIT Kerberos build would have put des.h in > /usr/local/include, so I would say that that header in particular > should go in /usr/include. Any others, it depends on what (if > anything) they're used for. The kerberos^h^h^h^h^h^h^h^heBones headers will still go into /usr/include/kerberosIV. There are other libraries (like md4, idea and RSA) whose headers I have not totally thrashed out, but suspect should go into /usr/include with des.h. These are libraries of `other' crypto code. M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Mon Jun 19 08:56:52 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA25173 for current-outgoing; Mon, 19 Jun 1995 08:56:52 -0700 Received: from sovcom.kiae.su (sovcom.kiae.su [144.206.136.1]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id IAA25156 for ; Mon, 19 Jun 1995 08:56:45 -0700 Received: by sovcom.kiae.su id AA06787 (5.65.kiae-2 ); Mon, 19 Jun 1995 19:34:12 +0400 Received: by sovcom.KIAE.su (UUMAIL/2.0); Mon, 19 Jun 95 19:34:11 +0300 Received: (from ache@localhost) by astral.msk.su (8.6.8/8.6.6) id TAA00643; Mon, 19 Jun 1995 19:19:04 +0400 To: Wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org, gibbs@freefall.cdrom.com, Mark Murray , rgrimes@gndrsh.aac.dev.com References: <199506190643.IAA27634@grumble.grondar.za> In-Reply-To: <199506190643.IAA27634@grumble.grondar.za>; from Mark Murray at Mon, 19 Jun 1995 08:43:11 +0200 Message-Id: Organization: Olahm Ha-Yetzirah Date: Mon, 19 Jun 1995 19:19:04 +0400 (MSD) X-Mailer: Mail/@ [v2.38 FreeBSD] From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= aka "Andrey A. Chernov, Black Mage" X-Class: Fast Subject: Re: Crypto moves - ome more question. Lines: 14 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Length: 639 Sender: current-owner@freebsd.org Precedence: bulk In message <199506190643.IAA27634@grumble.grondar.za> Mark Murray writes: >Eric's full-blown library (SSLeay) is called libcrypto. So how about >/usr/include/crypto? Or just bunging it into /usr/include? Maybe libssl is better name? SSL has different approach than usual crypto stuff, look at pre-RFC draft for SSLref at www.netscape.com -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - FidoNet: 2:5020/230.3 : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849 From owner-freebsd-current Mon Jun 19 08:57:15 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA25281 for current-outgoing; Mon, 19 Jun 1995 08:57:15 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id IAA25206 for ; Mon, 19 Jun 1995 08:56:57 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id RAA29724; Mon, 19 Jun 1995 17:56:44 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id RAA29080; Mon, 19 Jun 1995 17:56:43 +0200 Message-Id: <199506191556.RAA29080@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: Garrett Wollman cc: current@freebsd.org Subject: Re: Crypto code - an architectural proposal. Date: Mon, 19 Jun 1995 17:56:42 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk > < said: > > > Included in the new DES code that I have (and in the old BTW) is > > fcrypt.c, which is a faster (2-3 times) replacement for the DES-based > > crypt(3) we are currently using. I would like to include this fcrypt.c > > in libdes to reduce the number of libraries produced. > > This is a bad idea for the following reason: > > The current libdescrypt.so was designed specifically to ensure that it > would be easy to get an export license for the binary. This is done > by having the library only export one entry point, the UNIX one-way > hash function crypt(). I don't want to see this broken. I don't quite understand. The code I have has no restrictions apart from the US crypto export one. What I am proposing to do is include it with a library that has exactly the same restrictions. I want to do this to reduce the number of libraries, seeing that some of what I am doing may increase that number. > There are also some reasons for wishing that the system crypt() were > slower as opposed to faster than it is now. What are they, please? If it is to slow down hack-attacks, then this is not really a reason, as a hacker could either bring his own fast crypt(3), or we could slow down login(1) etc with sleep(3), giving us the advantage with the crack programs. > Now, if you want to replace libcipher, go right ahead. I am actually having quite a hard time working out what the difference is between libdescrypt and libcipher. Could you enlighten me please? (I was of a mind to trash libcipher, as it seems superfluous.) M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Mon Jun 19 09:06:40 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id JAA25819 for current-outgoing; Mon, 19 Jun 1995 09:06:40 -0700 Received: from haven.uniserve.com (haven.uniserve.com [198.53.215.121]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id JAA25813 for ; Mon, 19 Jun 1995 09:06:34 -0700 Received: by haven.uniserve.com id <30744>; Mon, 19 Jun 1995 09:07:27 +0100 Date: Mon, 19 Jun 1995 09:07:20 -0700 (PDT) From: Tom Samplonius cc: current@freebsd.org To: current@freebsd.org Subject: Re: Crypto moves - ome more question. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: current-owner@freebsd.org Precedence: bulk On Mon, 19 Jun 1995, =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= aka Andrey A. Chernov, Black Mage wrote: > In message <199506190643.IAA27634@grumble.grondar.za> Mark Murray > writes: > > >Eric's full-blown library (SSLeay) is called libcrypto. So how about > >/usr/include/crypto? Or just bunging it into /usr/include? > > Maybe libssl is better name? SSL has different approach than usual > crypto stuff, look at pre-RFC draft for SSLref at www.netscape.com I'm sorry if this has been covered before, but can someone give me a pointer to the ssl library? Tom From owner-freebsd-current Mon Jun 19 09:07:23 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id JAA25942 for current-outgoing; Mon, 19 Jun 1995 09:07:23 -0700 Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id JAA25936 for ; Mon, 19 Jun 1995 09:07:21 -0700 Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.3.6) id AA08823; Mon, 19 Jun 1995 12:06:58 -0400 Date: Mon, 19 Jun 1995 12:06:58 -0400 From: Garrett Wollman Message-Id: <9506191606.AA08823@halloran-eldar.lcs.mit.edu> To: Mark Murray Cc: Garrett Wollman , current@freebsd.org Subject: Re: Crypto code - an architectural proposal. In-Reply-To: <199506191556.RAA29080@grumble.grondar.za> References: <199506191556.RAA29080@grumble.grondar.za> Sender: current-owner@freebsd.org Precedence: bulk < said: > I am actually having quite a hard time working out what the difference > is between libdescrypt and libcipher. Could you enlighten me please? > (I was of a mind to trash libcipher, as it seems superfluous.) Easy. libdescrypt is the UNIX one-way password hash function, implemented in a way that I believe is likely to be exportable. libcipher is all the other entry points which were traditionally associated with the UNIX `crypt' function, and which are not exportable because they can be used to perform encryption and decryption; this includes things like `setkey' and `encrypt'. -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant From owner-freebsd-current Mon Jun 19 11:49:05 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA03970 for current-outgoing; Mon, 19 Jun 1995 11:49:05 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA03962 for ; Mon, 19 Jun 1995 11:48:55 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id UAA29904; Mon, 19 Jun 1995 20:48:12 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id UAA29837; Mon, 19 Jun 1995 20:48:11 +0200 Message-Id: <199506191848.UAA29837@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: Garrett Wollman cc: current@FreeBSD.org Subject: Re: Crypto code - an architectural proposal. Date: Mon, 19 Jun 1995 20:48:10 +0200 From: Mark Murray Sender: current-owner@FreeBSD.org Precedence: bulk > > I am actually having quite a hard time working out what the difference > > is between libdescrypt and libcipher. Could you enlighten me please? > > (I was of a mind to trash libcipher, as it seems superfluous.) > > Easy. libdescrypt is the UNIX one-way password hash function, > implemented in a way that I believe is likely to be exportable. > libcipher is all the other entry points which were traditionally > associated with the UNIX `crypt' function, and which are not > exportable because they can be used to perform encryption and > decryption; this includes things like `setkey' and `encrypt'. Isn't it amazing what `nm' can tell you? Sheesh - I should have done that first! Now (says he, fishing for information) why were folks so cagey with me and Geoff Rehmet back in the 386bsd PatchKit days, when a patchkit was supplied without a crypt.c, so we could make our own? AFAIK this crypt.c's only entry point was crypt, so that puts it in the same class as our current libdescrypt. Why was/is this a problem? Is it just a lack of clarity in the laws? M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Mon Jun 19 12:03:44 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA04445 for current-outgoing; Mon, 19 Jun 1995 12:03:44 -0700 Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id MAA04439 for ; Mon, 19 Jun 1995 12:03:43 -0700 Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.3.6) id AA09143; Mon, 19 Jun 1995 15:02:18 -0400 Date: Mon, 19 Jun 1995 15:02:18 -0400 From: Garrett Wollman Message-Id: <9506191902.AA09143@halloran-eldar.lcs.mit.edu> To: Mark Murray Cc: current@FreeBSD.org Subject: Re: Crypto code - an architectural proposal. In-Reply-To: <199506191848.UAA29837@grumble.grondar.za> References: <199506191848.UAA29837@grumble.grondar.za> Sender: current-owner@FreeBSD.org Precedence: bulk < said: > only entry point was crypt, so that puts it in the same class as our > current libdescrypt. Why was/is this a problem? Is it just a lack of > clarity in the laws? The US State Department wants to spread as much Fear, Uncertainty, and Doubt about software exportability as possible, in the hope that it will discourage people from attempting to export even legal software (or software for which a license can be easily obtained, the category I believe libdescrypt.so to fall into). They and the NSA have their own unstated mission to outlaw private encryption entirely, in which the current administration is all too eager to help. -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant From owner-freebsd-current Mon Jun 19 12:11:47 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA05002 for current-outgoing; Mon, 19 Jun 1995 12:11:47 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id MAA04995 for ; Mon, 19 Jun 1995 12:11:44 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id MAA01606; Mon, 19 Jun 1995 12:11:08 -0700 From: "Rodney W. Grimes" Message-Id: <199506191911.MAA01606@gndrsh.aac.dev.com> Subject: Re: Crypto code - an architectural proposal. To: mark@grondar.za (Mark Murray) Date: Mon, 19 Jun 1995 12:11:07 -0700 (PDT) Cc: wollman@halloran-eldar.lcs.mit.edu, current@FreeBSD.org In-Reply-To: <199506191848.UAA29837@grumble.grondar.za> from "Mark Murray" at Jun 19, 95 08:48:10 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 1909 Sender: current-owner@FreeBSD.org Precedence: bulk > > > > I am actually having quite a hard time working out what the difference > > > is between libdescrypt and libcipher. Could you enlighten me please? > > > (I was of a mind to trash libcipher, as it seems superfluous.) > > > > Easy. libdescrypt is the UNIX one-way password hash function, > > implemented in a way that I believe is likely to be exportable. > > libcipher is all the other entry points which were traditionally > > associated with the UNIX `crypt' function, and which are not > > exportable because they can be used to perform encryption and > > decryption; this includes things like `setkey' and `encrypt'. > > Isn't it amazing what `nm' can tell you? Sheesh - I should have done > that first! > > Now (says he, fishing for information) why were folks so cagey with me > and Geoff Rehmet back in the 386bsd PatchKit days, when a patchkit was > supplied without a crypt.c, so we could make our own? Back in them days we the laws where not quite as clear to us as they are now, ie, we knew far less about them then, than we do now. We also did not have the shared library code back then to make it work as slick as it does now. [Remeber, you would have had to change more than just the libcrypt.so symlink that we have now!!!] > AFAIK this crypt.c's > only entry point was crypt, so that puts it in the same class as our > current libdescrypt. Why was/is this a problem? Is it just a lack of > clarity in the laws? It *was* a lack of a good understanding of the laws back in the patchkit days. It was also missing a good clean way to turn a system from non-crypt to crypt. We still can't export the source to libdescrypt.*, but from my understanding we can export the binary of it. [Is that a correct statement Garrett?] -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD From owner-freebsd-current Mon Jun 19 12:35:46 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA05563 for current-outgoing; Mon, 19 Jun 1995 12:35:46 -0700 Received: from specgw.spec.co.jp (specgw.spec.co.jp [202.32.13.1]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id MAA05554 for ; Mon, 19 Jun 1995 12:35:40 -0700 Received: from localhost (uucp@localhost) by specgw.spec.co.jp (8.6.5/3.3Wb-SPEC) with UUCP id EAA08987; Tue, 20 Jun 1995 04:20:42 +0900 Received: by tama.spec.co.jp (8.6.11/6.4J.5) id CAA01284; Tue, 20 Jun 1995 02:52:28 +0900 From: Atsushi Murai Message-Id: <199506191752.CAA01284@tama.spec.co.jp> Subject: Re: GENERIC kernel & some basic UNIX pointers (fwd) To: imb@scgt.oz.au (michael butler) Date: Tue, 20 Jun 1995 02:52:27 +0900 (JST) Cc: freebsd-current@freebsd.org In-Reply-To: <199506181510.BAA16697@asstdc.scgt.oz.au> from "michael butler" at Jun 19, 95 01:10:56 am Reply-To: amurai@spec.co.jp X-Mailer: ELM [version 2.4 PL23] Content-Type: text Content-Length: 1500 Sender: current-owner@freebsd.org Precedence: bulk > One reason that it can't be used in some instances is that it currently > provides no mechanism (that I've found) with which to disable ip-address > negotiation. Specific examples which will always fail are connections to a > box running any KA9Q variant (there are lots) and a Telebit NetBlazer. The > latter component that this machine talks to is configured to reject any > negotiation .. I do not know if that can be changed. ?? What do you mean "disable a ip-address negotiation" ? I guss you want specify ip address of your side/ both of them !? If so, I will show you my-home and my-office user-mode ppp setup as follows... ... for my side... set ifaddr 202.32.13.200/24 202.32.13.1/24 add 0 255.255.255.0 202.32.13.1 ... for office set ifaddr 202.32.13.1/24 202.32.13.200/24 > In both instances, the user-mode ppp apparently decides that it can't > confirm the address used by the other end and drops the connection on the > floor. In contrast, "pppd -ip .." works every time, Please remember. The ppp protocol has no difference between out(client)/in(server) for handshaking. Another words, it's negotiation base on same stands. So if you wan't specifiy (forcely setup) peer ip address, a peer needs to accept your offer! (i.e set ifaddr 0 202.32.13.200/24). It's same syntax of pppd, don't it? > michael Atsushi. -- Atsushi Murai Internet: amurai@spec.co.jp System Planning and Engineering Co,.Ltd. Voice : +81-33833-5341 From owner-freebsd-current Mon Jun 19 12:51:06 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA06615 for current-outgoing; Mon, 19 Jun 1995 12:51:06 -0700 Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id MAA06604 for ; Mon, 19 Jun 1995 12:51:04 -0700 Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.3.6) id AA09225; Mon, 19 Jun 1995 15:50:54 -0400 Date: Mon, 19 Jun 1995 15:50:54 -0400 From: Garrett Wollman Message-Id: <9506191950.AA09225@halloran-eldar.lcs.mit.edu> To: "Rodney W. Grimes" Cc: current@FreeBSD.org Subject: Re: Crypto code - an architectural proposal. In-Reply-To: <199506191911.MAA01606@gndrsh.aac.dev.com> References: <199506191848.UAA29837@grumble.grondar.za> <199506191911.MAA01606@gndrsh.aac.dev.com> Sender: current-owner@FreeBSD.org Precedence: bulk < said: > We still can't export the source to libdescrypt.*, but from my understanding > we can export the binary of it. [Is that a correct statement Garrett?] Not quite. libdescrypt was designed in such a way that I believe the State Department would admit that it doesn't actually do encryption, which would then allow you to apply to the Commerce Department for a declaration that it is exportable as ``technical data''. You still have to apply to the State Department first before attempting to export the binary. For extra safefty, the subfunctions called by crypt() could be inlined. -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant From owner-freebsd-current Mon Jun 19 13:06:34 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id NAA08087 for current-outgoing; Mon, 19 Jun 1995 13:06:34 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id NAA08075 for ; Mon, 19 Jun 1995 13:06:19 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id WAA29992; Mon, 19 Jun 1995 22:06:10 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id WAA00130; Mon, 19 Jun 1995 22:06:08 +0200 Message-Id: <199506192006.WAA00130@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: Garrett Wollman cc: current@FreeBSD.org Subject: Re: Crypto code - an architectural proposal. Date: Mon, 19 Jun 1995 22:06:07 +0200 From: Mark Murray Sender: current-owner@FreeBSD.org Precedence: bulk > The US State Department wants to spread as much Fear, Uncertainty, and > Doubt about software exportability as possible, in the hope that it > will discourage people from attempting to export even legal software > (or software for which a license can be easily obtained, the category > I believe libdescrypt.so to fall into). They and the NSA have their > own unstated mission to outlaw private encryption entirely, in which > the current administration is all too eager to help. Bastards. How do we go about licensing libdescrypt, or will that just attract the wrong kind of attention? \begin{rave} You want to know how ridiculous this law is? There is a T-shirt with some crypto algorithm in Perl on it. To export these from the US is Gun-Running. They are printed and freely available in Britain. They are illegal for possession in France. A textbook on numerical algorithms which is printed in the US has a discussion and description (and some code) on DES is exportable. What's the problem??? \end{rave} Sigh. M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Mon Jun 19 13:12:56 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id NAA08404 for current-outgoing; Mon, 19 Jun 1995 13:12:56 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id NAA08393 for ; Mon, 19 Jun 1995 13:12:38 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id WAA00104; Mon, 19 Jun 1995 22:12:28 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id WAA00163; Mon, 19 Jun 1995 22:12:26 +0200 Message-Id: <199506192012.WAA00163@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: Garrett Wollman cc: "Rodney W. Grimes" , current@FreeBSD.org Subject: Re: Crypto code - an architectural proposal. Date: Mon, 19 Jun 1995 22:12:26 +0200 From: Mark Murray Sender: current-owner@FreeBSD.org Precedence: bulk > Not quite. libdescrypt was designed in such a way that I believe the > State Department would admit that it doesn't actually do encryption, > which would then allow you to apply to the Commerce Department for a > declaration that it is exportable as ``technical data''. You still > have to apply to the State Department first before attempting to > export the binary. > > For extra safefty, the subfunctions called by crypt() could be > inlined. If the state department has a problem (or potential problem) with the crypt(3) in libdescrypt, why is there _no_ problem with the MD5 crypt(3)? They are functionally equivalent. Was the MD5 version even vetted? M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Mon Jun 19 13:18:37 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id NAA08719 for current-outgoing; Mon, 19 Jun 1995 13:18:37 -0700 Received: (from phk@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id NAA08709 ; Mon, 19 Jun 1995 13:18:34 -0700 From: Poul-Henning Kamp Message-Id: <199506192018.NAA08709@freefall.cdrom.com> Subject: Re: Crypto code - an architectural proposal. To: mark@grondar.za (Mark Murray) Date: Mon, 19 Jun 1995 13:18:34 -0700 (PDT) Cc: wollman@halloran-eldar.lcs.mit.edu, rgrimes@gndrsh.aac.dev.com, current@FreeBSD.org In-Reply-To: <199506192012.WAA00163@grumble.grondar.za> from "Mark Murray" at Jun 19, 95 10:12:26 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Content-Length: 506 Sender: current-owner@FreeBSD.org Precedence: bulk > If the state department has a problem (or potential problem) with the > crypt(3) in libdescrypt, why is there _no_ problem with the MD5 crypt(3)? > They are functionally equivalent. Was the MD5 version even vetted? MD5 cannot decrypt. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Just that: dried leaves in boiling water ? From owner-freebsd-current Mon Jun 19 13:29:04 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id NAA09225 for current-outgoing; Mon, 19 Jun 1995 13:29:04 -0700 Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id NAA09218 for ; Mon, 19 Jun 1995 13:28:57 -0700 Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.3.6) id AA09361; Mon, 19 Jun 1995 16:28:30 -0400 Date: Mon, 19 Jun 1995 16:28:30 -0400 From: Garrett Wollman Message-Id: <9506192028.AA09361@halloran-eldar.lcs.mit.edu> To: Mark Murray Cc: Garrett Wollman , "Rodney W. Grimes" , current@FreeBSD.org Subject: Re: Crypto code - an architectural proposal. In-Reply-To: <199506192012.WAA00163@grumble.grondar.za> References: <199506192012.WAA00163@grumble.grondar.za> Sender: current-owner@FreeBSD.org Precedence: bulk < said: > If the state department has a problem (or potential problem) with the > crypt(3) in libdescrypt, why is there _no_ problem with the MD5 crypt(3)? > They are functionally equivalent. Was the MD5 version even vetted? Because the libdescrypt version is implemented by calling a whacked-up version of DES, whereas MD5 was designed from the start to be exportable. -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant From owner-freebsd-current Mon Jun 19 13:31:34 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id NAA09452 for current-outgoing; Mon, 19 Jun 1995 13:31:34 -0700 Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id NAA09438 for ; Mon, 19 Jun 1995 13:31:28 -0700 Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.3.6) id AA09366; Mon, 19 Jun 1995 16:31:20 -0400 Date: Mon, 19 Jun 1995 16:31:20 -0400 From: Garrett Wollman Message-Id: <9506192031.AA09366@halloran-eldar.lcs.mit.edu> To: Poul-Henning Kamp Cc: current@FreeBSD.org Subject: Re: Crypto code - an architectural proposal. In-Reply-To: <199506192018.NAA08709@freefall.cdrom.com> References: <199506192012.WAA00163@grumble.grondar.za> <199506192018.NAA08709@freefall.cdrom.com> Sender: current-owner@FreeBSD.org Precedence: bulk < said: >> If the state department has a problem (or potential problem) with the >> crypt(3) in libdescrypt, why is there _no_ problem with the MD5 crypt(3)? >> They are functionally equivalent. Was the MD5 version even vetted? > MD5 cannot decrypt. It's more than that; the same is true of the DES crypt(). The significant difference between the two is that the DES crypt() is based on real encryption software which has been specially broken, whereas MD5 was designed from the ground up as a one-way hash function, and is thus not even potantially subject to export controls. (At least until the State Department learns that any one-way hash function can be used for encryption with a little effort.) -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant From owner-freebsd-current Mon Jun 19 13:43:20 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id NAA10085 for current-outgoing; Mon, 19 Jun 1995 13:43:20 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id NAA10070 ; Mon, 19 Jun 1995 13:43:02 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id WAA00173; Mon, 19 Jun 1995 22:42:40 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id WAA00321; Mon, 19 Jun 1995 22:42:39 +0200 Message-Id: <199506192042.WAA00321@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: Poul-Henning Kamp cc: wollman@halloran-eldar.lcs.mit.edu, rgrimes@gndrsh.aac.dev.com, current@FreeBSD.org Subject: Re: Crypto code - an architectural proposal. Date: Mon, 19 Jun 1995 22:42:39 +0200 From: Mark Murray Sender: current-owner@FreeBSD.org Precedence: bulk > > If the state department has a problem (or potential problem) with the > > crypt(3) in libdescrypt, why is there _no_ problem with the MD5 crypt(3)? > > They are functionally equivalent. Was the MD5 version even vetted? > > MD5 cannot decrypt. I thought that was the point of crypt(3). "One-way trapdoor algorithm"? M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Mon Jun 19 13:45:56 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id NAA10373 for current-outgoing; Mon, 19 Jun 1995 13:45:56 -0700 Received: from westhill.cdrom.com (westhill.cdrom.com [192.216.223.147]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id NAA10367 for ; Mon, 19 Jun 1995 13:45:55 -0700 Received: from localhost.cdrom.com (localhost.cdrom.com [127.0.0.1]) by westhill.cdrom.com (8.6.11/8.6.11) with SMTP id NAA10267 ; Mon, 19 Jun 1995 13:45:48 -0700 X-Authentication-Warning: westhill.cdrom.com: Host localhost.cdrom.com didn't use HELO protocol To: Garrett Wollman cc: current@FreeBSD.org Subject: Re: Crypto code - an architectural proposal. In-reply-to: Your message of "Mon, 19 Jun 1995 16:31:20 EDT." <9506192031.AA09366@halloran-eldar.lcs.mit.edu> Date: Mon, 19 Jun 1995 13:45:47 -0700 Message-ID: <10265.803594747@westhill.cdrom.com> From: Gary Palmer Sender: current-owner@FreeBSD.org Precedence: bulk In message <9506192031.AA09366@halloran-eldar.lcs.mit.edu>, Garrett Wollman wri tes: >(At least until the State Department learns that any one-way hash >function can be used for encryption with a little effort.) Don't shout so loud :-) Gary From owner-freebsd-current Mon Jun 19 14:58:24 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id OAA12563 for current-outgoing; Mon, 19 Jun 1995 14:58:24 -0700 Received: from silvia.HIP.Berkeley.EDU (silvia.HIP.Berkeley.EDU [136.152.64.181]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id OAA12557 ; Mon, 19 Jun 1995 14:58:21 -0700 Received: (from asami@localhost) by silvia.HIP.Berkeley.EDU (8.6.11/8.6.9) id OAA04362; Mon, 19 Jun 1995 14:58:11 -0700 Date: Mon, 19 Jun 1995 14:58:11 -0700 Message-Id: <199506192158.OAA04362@silvia.HIP.Berkeley.EDU> To: ache@freebsd.org, rgrimes@gndrsh.aac.dev.com CC: current@freebsd.org Subject: usr.bin/colldef From: asami@cs.berkeley.edu (Satoshi Asami) Sender: current-owner@freebsd.org Precedence: bulk The great lt_LN.ISO_8859-1 renaming (:) didn't seem to reach this directory. I needed to edit the Makefile and rename the filename in data/ to make my "make install" happy. Satoshi From owner-freebsd-current Mon Jun 19 15:09:05 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id PAA13025 for current-outgoing; Mon, 19 Jun 1995 15:09:05 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id PAA13018 ; Mon, 19 Jun 1995 15:09:02 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id PAA01982; Mon, 19 Jun 1995 15:09:11 -0700 From: "Rodney W. Grimes" Message-Id: <199506192209.PAA01982@gndrsh.aac.dev.com> Subject: Re: usr.bin/colldef To: asami@cs.berkeley.edu (Satoshi Asami) Date: Mon, 19 Jun 1995 15:09:11 -0700 (PDT) Cc: ache@freebsd.org, current@freebsd.org In-Reply-To: <199506192158.OAA04362@silvia.HIP.Berkeley.EDU> from "Satoshi Asami" at Jun 19, 95 02:58:11 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 382 Sender: current-owner@freebsd.org Precedence: bulk > > The great lt_LN.ISO_8859-1 renaming (:) didn't seem to reach this > directory. I needed to edit the Makefile and rename the filename in > data/ to make my "make install" happy. Done... please go fix the Makefile now... -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD From owner-freebsd-current Mon Jun 19 15:31:11 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id PAA14299 for current-outgoing; Mon, 19 Jun 1995 15:31:11 -0700 Received: from cs.weber.edu (cs.weber.edu [137.190.16.16]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id PAA14293 for ; Mon, 19 Jun 1995 15:31:10 -0700 Received: by cs.weber.edu (4.1/SMI-4.1.1) id AA22483; Mon, 19 Jun 95 16:23:48 MDT From: terry@cs.weber.edu (Terry Lambert) Message-Id: <9506192223.AA22483@cs.weber.edu> Subject: Re: Crypto code - an architectural proposal. To: mark@grondar.za (Mark Murray) Date: Mon, 19 Jun 95 16:23:47 MDT Cc: phk@freefall.cdrom.com, wollman@halloran-eldar.lcs.mit.edu, rgrimes@gndrsh.aac.dev.com, current@FreeBSD.org In-Reply-To: <199506192042.WAA00321@grumble.grondar.za> from "Mark Murray" at Jun 19, 95 10:42:39 pm X-Mailer: ELM [version 2.4dev PL52] Sender: current-owner@FreeBSD.org Precedence: bulk > > > If the state department has a problem (or potential problem) with the > > > crypt(3) in libdescrypt, why is there _no_ problem with the MD5 crypt(3)? > > > They are functionally equivalent. Was the MD5 version even vetted? > > > > MD5 cannot decrypt. > > I thought that was the point of crypt(3). "One-way trapdoor algorithm"? Crypt can be used to build a encipher/decipher system to transmit encrypted data into and out of the US without the US authorities being able to monitor it in [potentially] sufficient time to act on the data contained therein. For instance, orders from Iraq/Iran/Libya to assemble munitions from included plans and use them on a target in the US. This is arguably in the same category as the gun control legislation in the US, since there is an implied assumption that a criminal will only obtain his gun or his cryptosystem through legal means for fear of the penalty (ignoring the fact that they will be facing the penalty for the crime they would commit using the "contraband" materials, and is thus prohibition is not a deterrent). The MD5 algorithm is not itself a crypto-system: it's a non-reversible checksum (or at least is effectively so). The point is that you can use MD5 checksums to compare data on which the checksums are computed without the data being revealed by publishing a particular checksum. The crypt(3) algorithm can be used to (effective) provide a non-reversible *hash* value. If this were the only use to which it could be put, then it, too, would be exportable. This is why it's relatively easy to get an export license for crypt based binary software statically linked and stripped to hide the function parts and only linked with utilities which use it for hashing. Terry Lambert terry@cs.weber.edu --- Any opinions in this posting are my own and not those of my present or previous employers. From owner-freebsd-current Mon Jun 19 22:49:09 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id WAA25570 for current-outgoing; Mon, 19 Jun 1995 22:49:09 -0700 Received: from cs.weber.edu (cs.weber.edu [137.190.16.16]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id WAA25560 for ; Mon, 19 Jun 1995 22:49:06 -0700 Received: by cs.weber.edu (4.1/SMI-4.1.1) id AA24561; Mon, 19 Jun 95 23:41:51 MDT From: terry@cs.weber.edu (Terry Lambert) Message-Id: <9506200541.AA24561@cs.weber.edu> Subject: Re: Crypto code - an architectural proposal. To: mark@grondar.za (Mark Murray) Date: Mon, 19 Jun 95 23:41:50 MDT Cc: wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org In-Reply-To: <199506191556.RAA29080@grumble.grondar.za> from "Mark Murray" at Jun 19, 95 05:56:42 pm X-Mailer: ELM [version 2.4dev PL52] Sender: current-owner@freebsd.org Precedence: bulk > > The current libdescrypt.so was designed specifically to ensure that it > > would be easy to get an export license for the binary. This is done > > by having the library only export one entry point, the UNIX one-way > > hash function crypt(). I don't want to see this broken. > > I don't quite understand. The code I have has no restrictions apart from > the US crypto export one. What I am proposing to do is include it with a > library that has exactly the same restrictions. I want to do this to > reduce the number of libraries, seeing that some of what I am doing may > increase that number. The problem is that the API has been designed to meet US export code restrictions such that a non-crypto exported system can be easily turned into a crypto-enabled system external to the US without a lot of work. It seems that the changes you want to make will result in someone having to get the API recertified as exportable. The net effect of this is that CDROM distributions will become *more* difficult to crypto-enable than they currently are. > > There are also some reasons for wishing that the system crypt() were > > slower as opposed to faster than it is now. > > What are they, please? If it is to slow down hack-attacks, then this is > not really a reason, as a hacker could either bring his own fast crypt(3), > or we could slow down login(1) etc with sleep(3), giving us the advantage > with the crack programs. I agree that the hack-attack prevention is a poor reason for slowing down crypt(). Terry Lambert terry@cs.weber.edu --- Any opinions in this posting are my own and not those of my present or previous employers. From owner-freebsd-current Mon Jun 19 22:59:00 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id WAA26768 for current-outgoing; Mon, 19 Jun 1995 22:59:00 -0700 Received: (from phk@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id WAA26759 ; Mon, 19 Jun 1995 22:58:59 -0700 From: Poul-Henning Kamp Message-Id: <199506200558.WAA26759@freefall.cdrom.com> Subject: Re: Crypto code - an architectural proposal. To: terry@cs.weber.edu (Terry Lambert) Date: Mon, 19 Jun 1995 22:58:59 -0700 (PDT) Cc: mark@grondar.za, wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org In-Reply-To: <9506200541.AA24561@cs.weber.edu> from "Terry Lambert" at Jun 19, 95 11:41:50 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Content-Length: 1029 Sender: current-owner@freebsd.org Precedence: bulk > > > There are also some reasons for wishing that the system crypt() were > > > slower as opposed to faster than it is now. > > > > What are they, please? If it is to slow down hack-attacks, then this is > > not really a reason, as a hacker could either bring his own fast crypt(3), > > or we could slow down login(1) etc with sleep(3), giving us the advantage > > with the crack programs. > > I agree that the hack-attack prevention is a poor reason for slowing down > crypt(). The MD5 based crypt() I wrote for 2.0 had this in mind. It is sufficiently slow that brute-force attacks are not fun, and it is frustrated by a millisecond timestamp so dictionary attacks become very bulky. Ten years from now it will probably have to be slowed down again :-( -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Just that: dried leaves in boiling water ? From owner-freebsd-current Mon Jun 19 23:14:04 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id XAA27677 for current-outgoing; Mon, 19 Jun 1995 23:14:04 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id XAA27657 for ; Mon, 19 Jun 1995 23:13:50 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id IAA00709; Tue, 20 Jun 1995 08:13:36 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id IAA01182; Tue, 20 Jun 1995 08:13:34 +0200 Message-Id: <199506200613.IAA01182@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: terry@cs.weber.edu (Terry Lambert) cc: wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org Subject: Re: Crypto code - an architectural proposal. Date: Tue, 20 Jun 1995 08:13:34 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk > > I don't quite understand. The code I have has no restrictions apart from > > the US crypto export one. What I am proposing to do is include it with a > > library that has exactly the same restrictions. I want to do this to > > reduce the number of libraries, seeing that some of what I am doing may > > increase that number. > > The problem is that the API has been designed to meet US export code > restrictions such that a non-crypto exported system can be easily > turned into a crypto-enabled system external to the US without a lot > of work. AHA! This makes sense. (sorta!) > It seems that the changes you want to make will result in someone having > to get the API recertified as exportable. True. I won't do it then. > The net effect of this is that CDROM distributions will become *more* > difficult to crypto-enable than they currently are. Right. I'll stick with what we currently have (more-or-less). Is there any reason that libcipher cannot be merged with libdes? > > > There are also some reasons for wishing that the system crypt() were > > > slower as opposed to faster than it is now. > > > > What are they, please? If it is to slow down hack-attacks, then this is > > not really a reason, as a hacker could either bring his own fast crypt(3), > > or we could slow down login(1) etc with sleep(3), giving us the advantage > > with the crack programs. > > I agree that the hack-attack prevention is a poor reason for slowing down > crypt(). Thanks! Are there any other (potential) reasons why crypt(3) should be slow? M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Mon Jun 19 23:21:40 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id XAA28552 for current-outgoing; Mon, 19 Jun 1995 23:21:40 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id XAA28520 ; Mon, 19 Jun 1995 23:21:25 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id IAA00723; Tue, 20 Jun 1995 08:21:08 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id IAA01213; Tue, 20 Jun 1995 08:21:06 +0200 Message-Id: <199506200621.IAA01213@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: Poul-Henning Kamp cc: terry@cs.weber.edu (Terry Lambert), wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org Subject: Re: Crypto code - an architectural proposal. Date: Tue, 20 Jun 1995 08:21:05 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk > > I agree that the hack-attack prevention is a poor reason for slowing down > > crypt(). > > The MD5 based crypt() I wrote for 2.0 had this in mind. It is sufficiently > slow that brute-force attacks are not fun, and it is frustrated by a > millisecond timestamp so dictionary attacks become very bulky. The timestamp can be stripped down by anyone with access to the source. OK, this does not help anyone bashing at the front door, but there are those hackers who with a Sparc or an Alpha and the MD5 source will really clobber a password file using Crack... > Ten years from now it will probably have to be slowed down again :-( Who says some clever Maths/Crypto boffin hasn't got a faster algorithm _now_? Look at fcrypt versus Classic crypt(3). M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Mon Jun 19 23:36:07 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id XAA29214 for current-outgoing; Mon, 19 Jun 1995 23:36:07 -0700 Received: from cs.weber.edu (cs.weber.edu [137.190.16.16]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id XAA29208 for ; Mon, 19 Jun 1995 23:36:06 -0700 Received: by cs.weber.edu (4.1/SMI-4.1.1) id AA24718; Tue, 20 Jun 95 00:28:22 MDT From: terry@cs.weber.edu (Terry Lambert) Message-Id: <9506200628.AA24718@cs.weber.edu> Subject: Re: Crypto code - an architectural proposal. To: mark@grondar.za (Mark Murray) Date: Tue, 20 Jun 95 0:28:22 MDT Cc: wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org In-Reply-To: <199506200613.IAA01182@grumble.grondar.za> from "Mark Murray" at Jun 20, 95 08:13:34 am X-Mailer: ELM [version 2.4dev PL52] Sender: current-owner@freebsd.org Precedence: bulk > > The net effect of this is that CDROM distributions will become *more* > > difficult to crypto-enable than they currently are. > > Right. I'll stick with what we currently have (more-or-less). Is there any > reason that libcipher cannot be merged with libdes? I can't think of any off the top of my head (doesn't mean there aren't any, however). > > I agree that the hack-attack prevention is a poor reason for slowing down > > crypt(). > > Thanks! Are there any other (potential) reasons why crypt(3) should be slow? Yes. The ANSI standard defining DES states that particular steps will be followed during the process. Implementations, such as "fastcrypt", can't claim conformance to the published standard because they mathematically simplify the process in order to get a speed up (losing conformance in the process). It is also possible to build a crypt that is useless for other than password forward encryption by going through other mathematical simplifications to the algorithm (like assuming a constant table, etc.) and precomputing the values for some of the resulting calculations so that they will not have to be redone each time the thing is run. Boils down to (1) mathematical transformation (standards violation) or (2) robbing the algorithm of generality (another standards violation). Man, and I'd promised my poor old decrepit mom that I wouldn't go discussiong crypto any more... ;^). Terry Lambert terry@cs.weber.edu --- Any opinions in this posting are my own and not those of my present or previous employers. From owner-freebsd-current Tue Jun 20 00:08:37 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id AAA01211 for current-outgoing; Tue, 20 Jun 1995 00:08:37 -0700 Received: (from phk@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id AAA01200 ; Tue, 20 Jun 1995 00:08:36 -0700 From: Poul-Henning Kamp Message-Id: <199506200708.AAA01200@freefall.cdrom.com> Subject: Re: Crypto code - an architectural proposal. To: mark@grondar.za (Mark Murray) Date: Tue, 20 Jun 1995 00:08:36 -0700 (PDT) Cc: terry@cs.weber.edu, wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org In-Reply-To: <199506200621.IAA01213@grumble.grondar.za> from "Mark Murray" at Jun 20, 95 08:21:05 am X-Mailer: ELM [version 2.4 PL24] Content-Type: text Content-Length: 1412 Sender: current-owner@freebsd.org Precedence: bulk > > > I agree that the hack-attack prevention is a poor reason for slowing down > > > crypt(). > > > > The MD5 based crypt() I wrote for 2.0 had this in mind. It is sufficiently > > slow that brute-force attacks are not fun, and it is frustrated by a > > millisecond timestamp so dictionary attacks become very bulky. > > The timestamp can be stripped down by anyone with access to the source. > OK, this does not help anyone bashing at the front door, but there are > those hackers who with a Sparc or an Alpha and the MD5 source will > really clobber a password file using Crack... > The timestamp cannot be stripped out by any known method at this point. I tried with a rather large network, and a really optimistic guess at a brute force attempt, including a factor 2 increase per year in speed still gives way over 100 years. > > Ten years from now it will probably have to be slowed down again :-( > > Who says some clever Maths/Crypto boffin hasn't got a faster algorithm > _now_? Look at fcrypt versus Classic crypt(3). MD5 isn't particular easy to speed up. Check the source. The MD5 crypt() is way stronger that DES crypt(). -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Just that: dried leaves in boiling water ? From owner-freebsd-current Tue Jun 20 00:54:04 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id AAA05043 for current-outgoing; Tue, 20 Jun 1995 00:54:04 -0700 Received: from balboa.eng.uci.edu (balboa.eng.uci.edu [128.200.61.2]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id AAA05036 for ; Tue, 20 Jun 1995 00:54:03 -0700 Received: from localhost.uci.edu by balboa.eng.uci.edu with SMTP id AA23411 (5.65c/IDA-1.4.4 for freebsd-current@freebsd.org); Tue, 20 Jun 1995 00:54:00 -0700 Message-Id: <199506200754.AA23411@balboa.eng.uci.edu> To: freebsd-current@freebsd.org Subject: to be 2.1 or not to be 2.1? Date: Tue, 20 Jun 1995 00:53:55 -0700 From: Steven Wallace Sender: current-owner@freebsd.org Precedence: bulk Umm, I noticed on freefall: -current tree now tracking FreeBSD 2.2. Also some talk on -hackers about 2.2. I'm sorry if I missed something, but what happened to 2.1? Steven From owner-freebsd-current Tue Jun 20 01:21:13 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id BAA07258 for current-outgoing; Tue, 20 Jun 1995 01:21:13 -0700 Received: from silvia.HIP.Berkeley.EDU (silvia.HIP.Berkeley.EDU [136.152.64.181]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id BAA07248 for ; Tue, 20 Jun 1995 01:21:09 -0700 Received: (from asami@localhost) by silvia.HIP.Berkeley.EDU (8.6.11/8.6.9) id BAA00953; Tue, 20 Jun 1995 01:20:49 -0700 Date: Tue, 20 Jun 1995 01:20:49 -0700 Message-Id: <199506200820.BAA00953@silvia.HIP.Berkeley.EDU> To: amurai@spec.co.jp CC: FreeBSD-current@FreeBSD.Org In-reply-to: <9506171507.AA00056@tama3.spec.co.jp.spec.co.jp> (message from Atsushi Murai on Sun, 18 Jun 1995 00:07:43 +0900) Subject: Re: jp.106.kbd jp.106x.kbd ? From: asami@cs.berkeley.edu (Satoshi Asami) Sender: current-owner@FreeBSD.Org Precedence: bulk * Is there any reason Japanese 106 keyborad maps haven't described in * Makefile for install? (Yes it's seems OK. IMHO) Absolutely not. Just an oversight on our part. Fixed in -current. Sorry. Satoshi From owner-freebsd-current Tue Jun 20 06:23:34 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id GAA19583 for current-outgoing; Tue, 20 Jun 1995 06:23:34 -0700 Received: from whisker.internet-eireann.ie (whisker.internet-eireann.ie [194.9.34.204]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id GAA19577 for ; Tue, 20 Jun 1995 06:23:23 -0700 Received: from localhost (localhost [127.0.0.1]) by whisker.internet-eireann.ie (8.6.11/8.6.9) with SMTP id OAA13454; Tue, 20 Jun 1995 14:23:12 +0100 X-Authentication-Warning: whisker.internet-eireann.ie: Host localhost didn't use HELO protocol To: Steven Wallace cc: freebsd-current@freebsd.org Subject: Re: to be 2.1 or not to be 2.1? In-reply-to: Your message of "Tue, 20 Jun 1995 00:53:55 PDT." <199506200754.AA23411@balboa.eng.uci.edu> Date: Tue, 20 Jun 1995 14:23:12 +0100 Message-ID: <13452.803654592@whisker.internet-eireann.ie> From: "Jordan K. Hubbard" Sender: current-owner@freebsd.org Precedence: bulk 2.2 is just what's under development as "-current". 2.1 is a stability release and will only have incremental improvements from 2.0.5R made to it. Jordan > > Umm, I noticed on freefall: -current tree now tracking FreeBSD 2.2. > > Also some talk on -hackers about 2.2. I'm sorry if I missed something, > but what happened to 2.1? > > Steven > From owner-freebsd-current Tue Jun 20 07:58:10 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id HAA23081 for current-outgoing; Tue, 20 Jun 1995 07:58:10 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id HAA23055 ; Tue, 20 Jun 1995 07:57:37 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id QAA01160; Tue, 20 Jun 1995 16:57:26 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id QAA02441; Tue, 20 Jun 1995 16:57:23 +0200 Message-Id: <199506201457.QAA02441@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: rgrimes@gndrsh.aac.dev.com, Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org Subject: The great crypt reshuffle Date: Tue, 20 Jun 1995 16:57:22 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk Hi There has been good discussion over the last couple of days, and this is an attempt to summarise the concensus so far, and turn it into an agreed-upon proposal. Where I have gotten wrong, please gently correct, where I have forgotten please remind etc... 1) The DES library is to move from eBones to secure/lib/libdes. des.h (the public header for this library) moves from /usr/include/kerberosIV to /usr/include, and to be updated with much more recent code from Eric Young, the original author. 2) crypt(3) and friends in libcipher to be replaced with faster code from same author as libdes, and to merge with libdes. (I know, not much concensus here - I'm just pushing my luck) 3) libcrypts containing _only_ des crypt(3) and md5 crypt(3) to remain unchanged (Except perhaps for newer code in des crypt(3)) to maintain possible foreign licensing. One selected as the _real_ libcrypt by symlink. 4) (Very little discussion here) Other libraries containing crypto code (ssl, rsa, md4, idea (where legal/appropriate)) be placed in secure/lib/lib*/ and turned into a separate library. Some of this code may cause serious trouble for owners in certain countries. (eg rsa in US.) The public headers for these to be placed in /usr/include for orthogonality with des.h in 1) above. 5) secure/usr.bin/telnet is kerberised, and as such should move to eBones. 6) (not discussed at all - I think) Eric Young has not touched eBones for _years_, and is not likely to. The code in eBones is a mess, and I would like to rebuild it as a lib/ include/ usr.bin/ usr.sbin/ structure for orthogonality with secure and gnu. This is more-or-less how the original code looked. 7) More will follow as I start to work on it (Secure RPC etc). M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Tue Jun 20 08:09:09 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA23509 for current-outgoing; Tue, 20 Jun 1995 08:09:09 -0700 Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id IAA23499 for ; Tue, 20 Jun 1995 08:09:06 -0700 Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.3.6) id AA10295; Tue, 20 Jun 1995 11:08:38 -0400 Date: Tue, 20 Jun 1995 11:08:38 -0400 From: Garrett Wollman Message-Id: <9506201508.AA10295@halloran-eldar.lcs.mit.edu> To: Mark Murray Cc: rgrimes@gndrsh.aac.dev.com, Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org Subject: The great crypt reshuffle In-Reply-To: <199506201457.QAA02441@grumble.grondar.za> References: <199506201457.QAA02441@grumble.grondar.za> Sender: current-owner@freebsd.org Precedence: bulk < said: > 5) secure/usr.bin/telnet is kerberised, and as such should move to > eBones. NO! As I said before, `telnet' is just like `rsh', `rlogin', and `rcp': there is a Kerberized version in the regular /usr/src. The version in /usr/src/secure is there because it can do encryption in addition to authentication. > 6) (not discussed at all - I think) Eric Young has not touched eBones > for _years_, and is not likely to. The code in eBones is a mess, and I > would like to rebuild it as a lib/ include/ usr.bin/ usr.sbin/ > structure for orthogonality with secure and gnu. This is more-or-less > how the original code looked. I wanted to do this but never had the time. -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant From owner-freebsd-current Tue Jun 20 08:23:45 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA24178 for current-outgoing; Tue, 20 Jun 1995 08:23:45 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id IAA24172 ; Tue, 20 Jun 1995 08:23:41 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id IAA01730; Tue, 20 Jun 1995 08:23:31 -0700 From: "Rodney W. Grimes" Message-Id: <199506201523.IAA01730@gndrsh.aac.dev.com> Subject: Re: The great crypt reshuffle To: mark@grondar.za (Mark Murray) Date: Tue, 20 Jun 1995 08:23:31 -0700 (PDT) Cc: Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org In-Reply-To: <199506201457.QAA02441@grumble.grondar.za> from "Mark Murray" at Jun 20, 95 04:57:22 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 3253 Sender: current-owner@freebsd.org Precedence: bulk > > Hi > > There has been good discussion over the last couple of days, and this > is an attempt to summarise the concensus so far, and turn it into an > agreed-upon proposal. Where I have gotten wrong, please gently correct, > where I have forgotten please remind etc... > > 1) The DES library is to move from eBones to secure/lib/libdes. > des.h (the public header for this library) moves from > /usr/include/kerberosIV to /usr/include, and to be updated with > much more recent code from Eric Young, the original author. Fine, just remeber to add it to the list of places to install header files from when doing ``make includes'' in /usr/src. See target includes: in /usr/src/Makefile. > 2) crypt(3) and friends in libcipher to be replaced with faster code > from same author as libdes, and to merge with libdes. (I know, not > much concensus here - I'm just pushing my luck) We need to know just what it was that csgr had in mind when he was doing all of this. From the README.FreeBSD in libcipher I get the feeling he was going the other way, but evenutally wanted to collapse the libraries: gndrsh# more README.FreeBSD $Id: README.FreeBSD,v 1.1.1.1 1994/09/07 21:18:07 csgr Exp $ This is FreeSec package for NetBSD, unchanged for FreeBSD, except for the Makefile. The other stuff in libcrypt will be added in stages! gndrsh# > 3) libcrypts containing _only_ des crypt(3) and md5 crypt(3) to remain > unchanged (Except perhaps for newer code in des crypt(3)) to maintain > possible foreign licensing. One selected as the _real_ libcrypt by > symlink. Okay! > 4) (Very little discussion here) Other libraries containing crypto > code (ssl, rsa, md4, idea (where legal/appropriate)) be placed in > secure/lib/lib*/ and turned into a separate library. Some of this > code may cause serious trouble for owners in certain countries. (eg > rsa in US.) The public headers for these to be placed in /usr/include > for orthogonality with des.h in 1) above. I would just rather leave this code by the way side as far as /usr/src goes. We already have enough legal problems with the current set of code and I think doing this would open a can of works. Perhaps making a ``port'' collection that installed into /usr/local/lib would be a better path to take (pun intended). > 5) secure/usr.bin/telnet is kerberised, and as such should move to > eBones. Agreed. > 6) (not discussed at all - I think) Eric Young has not touched eBones > for _years_, and is not likely to. The code in eBones is a mess, and I > would like to rebuild it as a lib/ include/ usr.bin/ usr.sbin/ > structure for orthogonality with secure and gnu. This is more-or-less > how the original code looked. Then why was it changed to be the way it is now? We need this input and reasoning from Geoff before I can accept changing it yet again. There must have been (hopefully) some reason that he drastically changed it from the way that it was originally. > 7) More will follow as I start to work on it (Secure RPC etc). One thing at a time please... :-) :-) -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD From owner-freebsd-current Tue Jun 20 08:28:06 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA24346 for current-outgoing; Tue, 20 Jun 1995 08:28:06 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id IAA24337 ; Tue, 20 Jun 1995 08:28:02 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id IAA01756; Tue, 20 Jun 1995 08:27:58 -0700 From: "Rodney W. Grimes" Message-Id: <199506201527.IAA01756@gndrsh.aac.dev.com> Subject: Re: The great crypt reshuffle To: wollman@halloran-eldar.lcs.mit.edu (Garrett Wollman) Date: Tue, 20 Jun 1995 08:27:58 -0700 (PDT) Cc: mark@grondar.za, Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org In-Reply-To: <9506201508.AA10295@halloran-eldar.lcs.mit.edu> from "Garrett Wollman" at Jun 20, 95 11:08:38 am X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 1292 Sender: current-owner@freebsd.org Precedence: bulk > > < said: > > > 5) secure/usr.bin/telnet is kerberised, and as such should move to > > eBones. > > NO! As I said before, `telnet' is just like `rsh', `rlogin', and > `rcp': there is a Kerberized version in the regular /usr/src. The > version in /usr/src/secure is there because it can do encryption in > addition to authentication. AHH!! Okay, right, now I remeber, the secure/usr.bin/telnet/* files are all the sprinkled bits of telnet to support encrypted connections, not kerbirized authentication. Garrett is right, this should stay just where it is, I retract my statement that moving this would be okay. > > 6) (not discussed at all - I think) Eric Young has not touched eBones > > for _years_, and is not likely to. The code in eBones is a mess, and I > > would like to rebuild it as a lib/ include/ usr.bin/ usr.sbin/ > > structure for orthogonality with secure and gnu. This is more-or-less > > how the original code looked. > > I wanted to do this but never had the time. Okay, so now we really need to know what Geoff was up to!!! -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD From owner-freebsd-current Tue Jun 20 08:51:30 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA25631 for current-outgoing; Tue, 20 Jun 1995 08:51:30 -0700 Received: from dsw.com (root@[199.171.231.5]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id IAA25625 for ; Tue, 20 Jun 1995 08:51:29 -0700 Received: from dsw.dsw.com by dsw.com (8.6.12) id JAA29344; Tue, 20 Jun 1995 09:51:26 -0600 Date: Tue, 20 Jun 1995 09:51:26 -0600 (MDT) From: Pete Kruckenberg To: freebsd-current@freebsd.org Subject: Re: to be 2.1 or not to be 2.1? In-Reply-To: <13452.803654592@whisker.internet-eireann.ie> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: current-owner@freebsd.org Precedence: bulk On Tue, 20 Jun 1995, Jordan K. Hubbard wrote: > 2.2 is just what's under development as "-current". 2.1 is a > stability release and will only have incremental improvements from > 2.0.5R made to it. Any idea when disk quotas will be fixed (for 2.1, maybe)? Of course, I'm assuming that they don't work in 2.0.5R (as stated). Pete Kruckenberg pete@dsw.com From owner-freebsd-current Tue Jun 20 10:34:43 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id KAA29796 for current-outgoing; Tue, 20 Jun 1995 10:34:43 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id KAA29785 ; Tue, 20 Jun 1995 10:34:25 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id TAA01305; Tue, 20 Jun 1995 19:34:05 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id TAA02834; Tue, 20 Jun 1995 19:34:02 +0200 Message-Id: <199506201734.TAA02834@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: "Rodney W. Grimes" cc: wollman@halloran-eldar.lcs.mit.edu (Garrett Wollman), mark@grondar.za, gibbs@freefall.cdrom.com, current@freebsd.org Subject: Re: The great crypt reshuffle Date: Tue, 20 Jun 1995 19:34:02 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk > > > > < said: > > > > > 5) secure/usr.bin/telnet is kerberised, and as such should move to > > > eBones. > > > > NO! As I said before, `telnet' is just like `rsh', `rlogin', and > > `rcp': there is a Kerberized version in the regular /usr/src. The > > version in /usr/src/secure is there because it can do encryption in > > addition to authentication. > > AHH!! Okay, right, now I remeber, the secure/usr.bin/telnet/* files are > all the sprinkled bits of telnet to support encrypted connections, not > kerbirized authentication. Garrett is right, this should stay just where > it is, I retract my statement that moving this would be okay. I must be on drugs :-( . I remember this now. OK - it stays where it is. > > > 6) (not discussed at all - I think) Eric Young has not touched eBones > > > for _years_, and is not likely to. The code in eBones is a mess, and I > > > would like to rebuild it as a lib/ include/ usr.bin/ usr.sbin/ > > > structure for orthogonality with secure and gnu. This is more-or-less > > > how the original code looked. > > > > I wanted to do this but never had the time. > > Okay, so now we really need to know what Geoff was up to!!! I know where to find him. I'll phone him. M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Tue Jun 20 10:49:12 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id KAA00219 for current-outgoing; Tue, 20 Jun 1995 10:49:12 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id KAA00208 ; Tue, 20 Jun 1995 10:48:55 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id TAA01321; Tue, 20 Jun 1995 19:48:33 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id TAA02872; Tue, 20 Jun 1995 19:48:31 +0200 Message-Id: <199506201748.TAA02872@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: "Rodney W. Grimes" cc: mark@grondar.za (Mark Murray), Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org Subject: Re: The great crypt reshuffle Date: Tue, 20 Jun 1995 19:48:30 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk > > > > Hi > > > > There has been good discussion over the last couple of days, and this > > is an attempt to summarise the concensus so far, and turn it into an > > agreed-upon proposal. Where I have gotten wrong, please gently correct, > > where I have forgotten please remind etc... > > > > 1) The DES library is to move from eBones to secure/lib/libdes. > > des.h (the public header for this library) moves from > > /usr/include/kerberosIV to /usr/include, and to be updated with > > much more recent code from Eric Young, the original author. > > Fine, just remeber to add it to the list of places to install header > files from when doing ``make includes'' in /usr/src. See target includes: > in /usr/src/Makefile. Yehbo. `make beforeinstall' and all that. > > 2) crypt(3) and friends in libcipher to be replaced with faster code > > from same author as libdes, and to merge with libdes. (I know, not > > much concensus here - I'm just pushing my luck) > > We need to know just what it was that csgr had in mind when he was > doing all of this. From the README.FreeBSD in libcipher I get the > feeling he was going the other way, but evenutally wanted to collapse > the libraries: > gndrsh# more README.FreeBSD > $Id: README.FreeBSD,v 1.1.1.1 1994/09/07 21:18:07 csgr Exp $ > > This is FreeSec package for NetBSD, unchanged for > FreeBSD, except for the Makefile. > > The other stuff in libcrypt will be added in stages! > gndrsh# I'll contact him personally here. I have his phone No. > > 4) (Very little discussion here) Other libraries containing crypto > > code (ssl, rsa, md4, idea (where legal/appropriate)) be placed in > > secure/lib/lib*/ and turned into a separate library. Some of this > > code may cause serious trouble for owners in certain countries. (eg > > rsa in US.) The public headers for these to be placed in /usr/include > > for orthogonality with des.h in 1) above. > > I would just rather leave this code by the way side as far as /usr/src > goes. We already have enough legal problems with the current set of > code and I think doing this would open a can of works. Perhaps making > a ``port'' collection that installed into /usr/local/lib would be > a better path to take (pun intended). I'll buy that for all but ssl. The Secure Sockes Layer has _great_ potential for thinkgs like secure telnet, secure ftp, secure tftp, secure CTP (Clay tablet protocol) etc. I've just been reading some stuff on crypto and licensing int the US and it scares the willies out of me. What is this? The 4th reich? ;-) :-) :-) :-) No wonder you guys hate lawyers so much. > > 7) More will follow as I start to work on it (Secure RPC etc). > > One thing at a time please... :-) :-) Please? I want to change it _all_, _now_?! ;-) M PS - What is a`bug'? ;)` -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Tue Jun 20 10:53:57 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id KAA00521 for current-outgoing; Tue, 20 Jun 1995 10:53:57 -0700 Received: from lambda (lambda.demon.co.uk [158.152.17.124]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id KAA00511 for ; Tue, 20 Jun 1995 10:53:53 -0700 Received: (from paul@localhost) by lambda (8.6.11/8.6.9) id RAA05174; Tue, 20 Jun 1995 17:37:33 +0100 From: Paul Richards Message-Id: <199506201637.RAA05174@lambda> Subject: Re: DES, crypt and eBones To: rgrimes@gndrsh.aac.dev.com (Rodney W. Grimes) Date: Tue, 20 Jun 1995 17:36:18 +0100 (BST) Cc: mark@grondar.za, FreeBSD-current@freebsd.org In-Reply-To: <199506170737.AAA06445@gndrsh.aac.dev.com> from "Rodney W. Grimes" at Jun 17, 95 00:37:06 am Reply-to: paul@freebsd.org X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=UK-ASCII Content-Transfer-Encoding: 8bit Content-Length: 1544 Sender: current-owner@freebsd.org Precedence: bulk In reply to Rodney W. Grimes who said > > > It is still dangerous, as the State Department could start with us, find > out how we brought it back in, go to you, and trace backwards to the > source. Though we may have not exported it, we sure as heck where acting > as a party to a known crime. > > I would rather just stay away from the Kerberos code... > This is just passing the buck though (and is relevant for the crypt code in general and not just kerberos). Either you (i.e. those in the US) import work that is based on a site outside the US or we (i.e outside the US) grab the work that you do and very clearly break the export laws. Basing the work at a site outside the US and importing it seems the better of the two. I agree with Poul, we should move the non-exportable code to a "safe" site and call it secure.freebsd.org. It can become an official distribution site that everyone can import from. The arguments I've heard against this are self-centered i.e. I'm not working on the code if it's not conveniently sited at freefall, well tough, we (outside the US) have to put up with this why should the US contributers suffer *very little* when making infrequent contributions to the secure code. Mark's doing most of the work and this would be perfectly legal in any interpretation, site the stuff on his machine. No more problems. -- Paul Richards, Bluebird Computer Systems. FreeBSD core team member. Internet: paul@FreeBSD.org, http://www.freebsd.org/~paul Phone: 0370 462071 (Mobile), +44 1222 457651 (home) From owner-freebsd-current Tue Jun 20 11:20:25 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA01855 for current-outgoing; Tue, 20 Jun 1995 11:20:25 -0700 Received: (from phk@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA01845 ; Tue, 20 Jun 1995 11:20:23 -0700 From: Poul-Henning Kamp Message-Id: <199506201820.LAA01845@freefall.cdrom.com> Subject: Re: The great crypt reshuffle To: mark@grondar.za (Mark Murray) Date: Tue, 20 Jun 1995 11:20:22 -0700 (PDT) Cc: rgrimes@gndrsh.aac.dev.com, Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org In-Reply-To: <199506201457.QAA02441@grumble.grondar.za> from "Mark Murray" at Jun 20, 95 04:57:22 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Content-Length: 1147 Sender: current-owner@freebsd.org Precedence: bulk > 2) crypt(3) and friends in libcipher to be replaced with faster code > from same author as libdes, and to merge with libdes. (I know, not > much concensus here - I'm just pushing my luck) > 3) libcrypts containing _only_ des crypt(3) and md5 crypt(3) to remain > unchanged (Except perhaps for newer code in des crypt(3)) to maintain > possible foreign licensing. One selected as the _real_ libcrypt by > symlink. You can even consider making the DES crypt(3) take MD5 crypt(3) strings too. You can recognize them on the $1$ at the start. That would allow a system to use either type and this the good ol' trick of sending a encrypted password in an email would still be good. > 4) (Very little discussion here) Other libraries containing crypto > code (ssl, rsa, md4, idea (where legal/appropriate)) be placed in md2, md4 and md5 isn't export-restricted. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Just that: dried leaves in boiling water ? From owner-freebsd-current Tue Jun 20 11:29:03 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA02475 for current-outgoing; Tue, 20 Jun 1995 11:29:03 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA02464 ; Tue, 20 Jun 1995 11:28:39 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id UAA01380; Tue, 20 Jun 1995 20:27:58 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id UAA03085; Tue, 20 Jun 1995 20:27:55 +0200 Message-Id: <199506201827.UAA03085@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: Poul-Henning Kamp cc: mark@grondar.za (Mark Murray), rgrimes@gndrsh.aac.dev.com, Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org Subject: Re: The great crypt reshuffle Date: Tue, 20 Jun 1995 20:27:54 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk > > 2) crypt(3) and friends in libcipher to be replaced with faster code > > from same author as libdes, and to merge with libdes. (I know, not > > much concensus here - I'm just pushing my luck) > > 3) libcrypts containing _only_ des crypt(3) and md5 crypt(3) to remain > > unchanged (Except perhaps for newer code in des crypt(3)) to maintain > > possible foreign licensing. One selected as the _real_ libcrypt by > > symlink. > > You can even consider making the DES crypt(3) take MD5 crypt(3) strings > too. You can recognize them on the $1$ at the start. That would allow > a system to use either type and this the good ol' trick of sending a > encrypted password in an email would still be good. Hmmm... There's a thought... > md2, md4 and md5 isn't export-restricted. True. Rod wants these to be more like ports, although they may be useful as the crypto layer for SSL. M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Tue Jun 20 11:31:24 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA02759 for current-outgoing; Tue, 20 Jun 1995 11:31:24 -0700 Received: (from phk@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA02750 ; Tue, 20 Jun 1995 11:31:24 -0700 From: Poul-Henning Kamp Message-Id: <199506201831.LAA02750@freefall.cdrom.com> Subject: Re: The great crypt reshuffle To: mark@grondar.za (Mark Murray) Date: Tue, 20 Jun 1995 11:31:23 -0700 (PDT) Cc: mark@grondar.za, rgrimes@gndrsh.aac.dev.com, Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org In-Reply-To: <199506201827.UAA03085@grumble.grondar.za> from "Mark Murray" at Jun 20, 95 08:27:54 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Content-Length: 517 Sender: current-owner@freebsd.org Precedence: bulk > > md2, md4 and md5 isn't export-restricted. > > True. Rod wants these to be more like ports, although they may be useful as > the crypto layer for SSL. They presenly live in libmd, and there is no reason to change that, that I have heard about. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Just that: dried leaves in boiling water ? From owner-freebsd-current Tue Jun 20 11:46:25 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA03385 for current-outgoing; Tue, 20 Jun 1995 11:46:25 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA03379 ; Tue, 20 Jun 1995 11:46:22 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id LAA02283; Tue, 20 Jun 1995 11:46:38 -0700 From: "Rodney W. Grimes" Message-Id: <199506201846.LAA02283@gndrsh.aac.dev.com> Subject: Re: DES, crypt and eBones To: paul@freebsd.org Date: Tue, 20 Jun 1995 11:46:38 -0700 (PDT) Cc: mark@grondar.za, FreeBSD-current@freebsd.org In-Reply-To: <199506201637.RAA05174@lambda> from "Paul Richards" at Jun 20, 95 05:36:18 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 1958 Sender: current-owner@freebsd.org Precedence: bulk > > In reply to Rodney W. Grimes who said > > > > > > It is still dangerous, as the State Department could start with us, find > > out how we brought it back in, go to you, and trace backwards to the > > source. Though we may have not exported it, we sure as heck where acting > > as a party to a known crime. > > > > I would rather just stay away from the Kerberos code... > > > > This is just passing the buck though (and is relevant for the crypt code > in general and not just kerberos). > > Either you (i.e. those in the US) import work that is based on a site > outside the US or we (i.e outside the US) grab the work that you do and > very clearly break the export laws. > > Basing the work at a site outside the US and importing it seems the > better of the two. I agree with Poul, we should move the non-exportable code > to a "safe" site and call it secure.freebsd.org. It can become an official > distribution site that everyone can import from. > > The arguments I've heard against this are self-centered i.e. I'm not > working on the code if it's not conveniently sited at freefall, well > tough, we (outside the US) have to put up with this why should the US > contributers suffer *very little* when making infrequent contributions > to the secure code. Mark's doing most of the work and this would be > perfectly legal in any interpretation, site the stuff on his machine. > No more problems. Give me a site stable enough that could be used and I we can talk it up in -core. But from past record we are not doing to good here. We have had 3 folks from outside the USA start down this road, and we are hoping that that Mark can stay with it for the long haul, but without a site as devoted to FreeBSD as freefall by corporate dollar I don't see us moving the bits any place. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD From owner-freebsd-current Tue Jun 20 11:49:23 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA03523 for current-outgoing; Tue, 20 Jun 1995 11:49:23 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA03516 ; Tue, 20 Jun 1995 11:49:21 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id LAA02295; Tue, 20 Jun 1995 11:49:37 -0700 From: "Rodney W. Grimes" Message-Id: <199506201849.LAA02295@gndrsh.aac.dev.com> Subject: Re: The great crypt reshuffle To: phk@freefall.cdrom.com (Poul-Henning Kamp) Date: Tue, 20 Jun 1995 11:49:37 -0700 (PDT) Cc: mark@grondar.za, Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org In-Reply-To: <199506201831.LAA02750@freefall.cdrom.com> from "Poul-Henning Kamp" at Jun 20, 95 11:31:23 am X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 810 Sender: current-owner@freebsd.org Precedence: bulk > > > > md2, md4 and md5 isn't export-restricted. > > > > True. Rod wants these to be more like ports, although they may be useful as > > the crypto layer for SSL. > > They presenly live in libmd, and there is no reason to change that, that I > have heard about. Nor did I state that I wanted the md* stuff moved, it was all this additional stuff that you are talking about ``adding''. The core OS now uses these md* routines in several places and can not be built without them. However all this added crypto functionality is completly optional. Please don't say I said things I did not say!!! Your list had NOTHING in it about /usr/lib/libmd.a!!! -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD From owner-freebsd-current Tue Jun 20 12:07:54 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA04036 for current-outgoing; Tue, 20 Jun 1995 12:07:54 -0700 Received: (from phk@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA04026 ; Tue, 20 Jun 1995 12:07:53 -0700 From: Poul-Henning Kamp Message-Id: <199506201907.MAA04026@freefall.cdrom.com> Subject: Re: The great crypt reshuffle To: rgrimes@gndrsh.aac.dev.com (Rodney W. Grimes) Date: Tue, 20 Jun 1995 12:07:53 -0700 (PDT) Cc: mark@grondar.za, Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org In-Reply-To: <199506201849.LAA02295@gndrsh.aac.dev.com> from "Rodney W. Grimes" at Jun 20, 95 11:49:37 am X-Mailer: ELM [version 2.4 PL24] Content-Type: text Content-Length: 999 Sender: current-owner@freebsd.org Precedence: bulk > > > > md2, md4 and md5 isn't export-restricted. > > > > > > True. Rod wants these to be more like ports, although they may be useful as > > > the crypto layer for SSL. > > > > They presenly live in libmd, and there is no reason to change that, that I > > have heard about. > > Nor did I state that I wanted the md* stuff moved, it was all this additional > stuff that you are talking about ``adding''. The core OS now uses these > md* routines in several places and can not be built without them. However > all this added crypto functionality is completly optional. > > Please don't say I said things I did not say!!! Your list had NOTHING in > it about /usr/lib/libmd.a!!! Calm down Rod, you're far too touchy just now. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Just that: dried leaves in boiling water ? From owner-freebsd-current Tue Jun 20 12:09:08 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA04113 for current-outgoing; Tue, 20 Jun 1995 12:09:08 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id MAA04089 ; Tue, 20 Jun 1995 12:08:43 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id VAA01443; Tue, 20 Jun 1995 21:08:24 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id VAA03270; Tue, 20 Jun 1995 21:08:23 +0200 Message-Id: <199506201908.VAA03270@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: "Rodney W. Grimes" cc: phk@freefall.cdrom.com (Poul-Henning Kamp), mark@grondar.za, Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org Subject: Re: The great crypt reshuffle Date: Tue, 20 Jun 1995 21:08:22 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk > > > > md2, md4 and md5 isn't export-restricted. > > > > > > True. Rod wants these to be more like ports, although they may be useful as > > > the crypto layer for SSL. > > > > They presenly live in libmd, and there is no reason to change that, that I > > have heard about. > > Nor did I state that I wanted the md* stuff moved, it was all this additional > stuff that you are talking about ``adding''. The core OS now uses these > md* routines in several places and can not be built without them. However > all this added crypto functionality is completly optional. > > Please don't say I said things I did not say!!! Your list had NOTHING in > it about /usr/lib/libmd.a!!! Slow down guys. I think this was my stuffup. I saw md[234] - what is in the code I have is rc[234], and I dumbly nodded my head. M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Tue Jun 20 12:11:28 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA04214 for current-outgoing; Tue, 20 Jun 1995 12:11:28 -0700 Received: from mail1.wolfe.net (mail1.wolfe.net [204.157.98.11]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id MAA04207 ; Tue, 20 Jun 1995 12:11:27 -0700 Received: from gonzo.wolfe.net (moore@gonzo.wolfe.net [204.157.98.2]) by mail1.wolfe.net (8.6.12/8.6.10) with ESMTP id MAA19790; Tue, 20 Jun 1995 12:12:09 -0700 From: Timothy Moore Received: (moore@localhost) by gonzo.wolfe.net (8.6.10/8.6.9) id MAA22919; Tue, 20 Jun 1995 12:10:37 -0700 Date: Tue, 20 Jun 1995 12:10:37 -0700 Message-Id: <199506201910.MAA22919@gonzo.wolfe.net> To: paul@freebsd.org CC: rgrimes@gndrsh.aac.dev.com, mark@grondar.za, FreeBSD-current@freebsd.org In-reply-to: Paul Richards's message of Tue, 20 Jun 1995 17:36:18 +0100 (BST) <199506201637.RAA05174@lambda> Subject: Re: DES, crypt and eBones Sender: current-owner@freebsd.org Precedence: bulk From: Paul Richards Date: Tue, 20 Jun 1995 17:36:18 +0100 (BST) Reply-to: paul@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=UK-ASCII Content-Transfer-Encoding: 8bit Content-Length: 1544 Sender: current-owner@freebsd.org In reply to Rodney W. Grimes who said > > I would rather just stay away from the Kerberos code... > This is just passing the buck though (and is relevant for the crypt code in general and not just kerberos). Either you (i.e. those in the US) import work that is based on a site outside the US or we (i.e outside the US) grab the work that you do and very clearly break the export laws. Basing the work at a site outside the US and importing it seems the better of the two. I agree with Poul, we should move the non-exportable code to a "safe" site and call it secure.freebsd.org. It can become an official distribution site that everyone can import from. I think you're missing something. It's just as serious a violation of the ITAR rules to import crypto stuff into the US as export it. It's a munition, it doesn't really matter what direction it gets shipped. Tim From owner-freebsd-current Tue Jun 20 12:30:05 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA05037 for current-outgoing; Tue, 20 Jun 1995 12:30:05 -0700 Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id MAA05031 for ; Tue, 20 Jun 1995 12:30:04 -0700 Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.3.6) id AA10773; Tue, 20 Jun 1995 15:29:58 -0400 Date: Tue, 20 Jun 1995 15:29:58 -0400 From: Garrett Wollman Message-Id: <9506201929.AA10773@halloran-eldar.lcs.mit.edu> To: Timothy Moore Cc: FreeBSD-current@freebsd.org Subject: Re: DES, crypt and eBones In-Reply-To: <199506201910.MAA22919@gonzo.wolfe.net> References: <199506201637.RAA05174@lambda> <199506201910.MAA22919@gonzo.wolfe.net> Sender: current-owner@freebsd.org Precedence: bulk < said: > I think you're missing something. It's just as serious a violation of > the ITAR rules to import crypto stuff into the US as export it. It's > a munition, it doesn't really matter what direction it gets shipped. That is not the information that I have, unless they have changed the rules substantially since I last looked into this subject. So far as I'm aware, only two countries prohibit the importation of crypto; France is one and I don't remember the other. There was a very heated discussion in this regard at the last IETF on the question of whether IP6 should include as a mandatory facility some sort of strong encryption. -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant From owner-freebsd-current Tue Jun 20 12:48:20 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA06131 for current-outgoing; Tue, 20 Jun 1995 12:48:20 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id MAA06111 ; Tue, 20 Jun 1995 12:48:17 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id MAA02492; Tue, 20 Jun 1995 12:48:31 -0700 From: "Rodney W. Grimes" Message-Id: <199506201948.MAA02492@gndrsh.aac.dev.com> Subject: Re: The great crypt reshuffle To: phk@freefall.cdrom.com (Poul-Henning Kamp) Date: Tue, 20 Jun 1995 12:48:31 -0700 (PDT) Cc: mark@grondar.za, Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org In-Reply-To: <199506201907.MAA04026@freefall.cdrom.com> from "Poul-Henning Kamp" at Jun 20, 95 12:07:53 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 1145 Sender: current-owner@freebsd.org Precedence: bulk > > > > > > md2, md4 and md5 isn't export-restricted. > > > > > > > > True. Rod wants these to be more like ports, although they may be useful as > > > > the crypto layer for SSL. > > > > > > They presenly live in libmd, and there is no reason to change that, that I > > > have heard about. > > > > Nor did I state that I wanted the md* stuff moved, it was all this additional > > stuff that you are talking about ``adding''. The core OS now uses these > > md* routines in several places and can not be built without them. However > > all this added crypto functionality is completly optional. > > > > Please don't say I said things I did not say!!! Your list had NOTHING in > > it about /usr/lib/libmd.a!!! > > Calm down Rod, you're far too touchy just now. Sorry about that, but I have had no less than 4 people today put words in my mouth that where never stated and I am not liking it one bit! Sure I am a pendantic asshole at times about this stuff, but someone has to be. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD From owner-freebsd-current Wed Jun 21 11:43:33 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA10800 for current-outgoing; Wed, 21 Jun 1995 11:43:33 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA10794 for ; Wed, 21 Jun 1995 11:43:29 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id LAA04131 for FreeBSD-current@FreeBSD.Org; Wed, 21 Jun 1995 11:43:42 -0700 From: "Rodney W. Grimes" Message-Id: <199506211843.LAA04131@gndrsh.aac.dev.com> Subject: Mistype in code of /sys/i386/isa/sio.c? (fwd) To: FreeBSD-current@FreeBSD.Org (FreeBSD current) Date: Wed, 21 Jun 1995 11:43:42 -0700 (PDT) X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 947 Sender: current-owner@FreeBSD.Org Precedence: bulk Mail sent to me about sio.c problem: Forwarded message: > From root@spiffy.cybernet.com Wed Jun 21 11:33:13 1995 > Date: Wed, 21 Jun 1995 14:32:14 -0400 > From: Charlie Root > Message-Id: <199506211832.OAA05940@spiffy.cybernet.com> > To: rgrimes@gndrsh.aac.dev.com > Subject: Mistype in code of /sys/i386/isa/sio.c? > > Rod- > > This is Mark Taylor from Cybernet Systems. I'm sending you this email because > I'm working on the sio.c code, and right now I'm trying to understand it. > > In the sioattach() code, I see that (on line 738) that an outb is being done > to the modem_status_register, presumably to set the DTR and RTS lines, which > should be done at the modem_ctl_port (sorry, I typed that wrong- modem_status_ > register should read modem_st > -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD From owner-freebsd-current Thu Jun 22 04:42:02 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id EAA27265 for current-outgoing; Thu, 22 Jun 1995 04:42:02 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id EAA27231 ; Thu, 22 Jun 1995 04:41:21 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id NAA00570; Thu, 22 Jun 1995 13:40:42 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id NAA07094; Thu, 22 Jun 1995 13:40:24 +0200 Message-Id: <199506221140.NAA07094@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: current@freebsd.org, Wollman@halloran-eldar.lcs.mit.edu, rgrimes@gndrsh.aac.dev.com, gibbs@freefall.cdrom.com, jkh@freefall.cdrom.com, bertus@mikom.csir.co.za Subject: Re: DES, crypt and eBones (fwd) (SITE outside USA) Date: Thu, 22 Jun 1995 13:40:24 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk Well lookee here! (reposted from -current, as I have not yet seen dialogue) Thanks Bertus and John! M > From: Bertus Pretorius > Date: Thu, 22 Jun 1995 10:06:40 +0200 (SAT) > Subject: Re: DES, crypt and eBones (fwd) (SITE outside USA) > > Many things deleted.... > > > > > > Give me a site stable enough that could be used and I we can talk it > > > up in -core. But from past record we are not doing to good here. We > > > have had 3 folks from outside the USA start down this road, and we are > > > hoping that that Mark can stay with it for the long haul, but without > > > a site as devoted to FreeBSD as freefall by corporate dollar I don't see > > > us moving the bits any place. > > > > > > > > > -- > > > Rod Grimes rgrimes@gndrsh.aac.dev.co m > > > Accurate Automation Company Custom computers for FreeBS D > > > > > > > > On this point, sorry for the lateness - I was on leave and even though jhay > (John Hay) is good at development, he is a bit slow on giving me important > messages - and I missed this one :) (He gave me a 'klap' for this). > > We, at the CSIR - the bunch that takes care of skeleton (Mark's crypt and eBo nes > site) should qualify for the above needed place. In fact we are volutering t o > do the job. First I need to give some background to motivate our commitment > to such a site. > > We are part of the Councel for Scientific Industrial Research of South Africa From owner-freebsd-current Thu Jun 22 08:46:19 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA13089 for current-outgoing; Thu, 22 Jun 1995 08:46:19 -0700 Received: from servo.ipsilon.com (servo.Ipsilon.COM [204.160.241.205]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id IAA13082 for ; Thu, 22 Jun 1995 08:46:18 -0700 Received: from localhost.ipsilon.com (localhost.ipsilon.com [127.0.0.1]) by servo.ipsilon.com (8.6.11/8.6.10) with SMTP id IAA24879; Thu, 22 Jun 1995 08:44:59 -0700 Message-Id: <199506221544.IAA24879@servo.ipsilon.com> X-Authentication-Warning: servo.ipsilon.com: Host localhost.ipsilon.com didn't use HELO protocol X-Mailer: exmh version 1.6beta 3/23/95 To: freebsd-current@freebsd.org cc: rem@ginger.lcs.mit.edu Subject: Re: ps/2 mouse and 2.0.5 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 22 Jun 1995 08:44:58 -0700 From: Robert Minnear Sender: current-owner@freebsd.org Precedence: bulk > Date: Thu, 1 Jun 1995 11:33:03 -0500 (CDT) > From: "Lars Fredriksen" > Well, if I do the following: > > dd if=/dev/psm0 > > Then I recover my keyboard, so there must be something the > psm driver do either in attach or in open that disables/enables the > keyboard. Maybe I should just use xdm :-) I see from the archives the same problems and conditions I am having with a ps/2 mouse and a frozen keyboard exist. However, I don't see if a solution was ever given. Could someone forward me the solution if it exists??? Or at least enlighten me a bit... Thanks. From owner-freebsd-current Thu Jun 22 09:49:55 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id JAA16184 for current-outgoing; Thu, 22 Jun 1995 09:49:55 -0700 Received: from dsw.com (root@[199.171.231.5]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id JAA16178 for ; Thu, 22 Jun 1995 09:49:54 -0700 Received: from dsw.dsw.com by dsw.com (8.6.12) id KAA01124; Thu, 22 Jun 1995 10:49:52 -0600 Date: Thu, 22 Jun 1995 10:49:51 -0600 (MDT) From: Pete Kruckenberg To: FreeBSD-current@freebsd.org Subject: Disk quotas: why broken, when fixed? In-Reply-To: <199506201910.MAA22919@gonzo.wolfe.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: current-owner@freebsd.org Precedence: bulk I've read several comments about disk quotas in 2.0.5R, most of them saying that they're broken. Could somebody take a sec to tell me exactly what is broken and why? I'd love to try to fix it, but I'd like a little insight beforehand. Is anyone working on fixing disk quotas yet? I wouldn't want to duplicate efforts, so let me know now before I get started. A short history of when disk quotas were broken, why they got broken, and what might be needed to fix them would be very helpful. Thanks. Pete Kruckenberg pete@dsw.com From owner-freebsd-current Thu Jun 22 10:54:47 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id KAA18943 for current-outgoing; Thu, 22 Jun 1995 10:54:47 -0700 Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.34]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id KAA18935 for ; Thu, 22 Jun 1995 10:54:42 -0700 Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id DAA07288; Fri, 23 Jun 1995 03:49:07 +1000 Date: Fri, 23 Jun 1995 03:49:07 +1000 From: Bruce Evans Message-Id: <199506221749.DAA07288@godzilla.zeta.org.au> To: FreeBSD-current@freebsd.org, rgrimes@gndrsh.aac.dev.com Subject: Re: Mistype in code of /sys/i386/isa/sio.c? (fwd) Sender: current-owner@freebsd.org Precedence: bulk >> This is Mark Taylor from Cybernet Systems. I'm sending you this email because >> I'm working on the sio.c code, and right now I'm trying to understand it. >> >> In the sioattach() code, I see that (on line 738) that an outb is being done >> to the modem_status_register, presumably to set the DTR and RTS lines, which >> should be done at the modem_ctl_port (sorry, I typed that wrong- modem_status_ >> register should read modem_st Yes, the outb is bogus. It doesn't matter much because KGDB isn't supported. The KGDB code is broken in other ways. BruceB From owner-freebsd-current Thu Jun 22 12:13:13 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA21006 for current-outgoing; Thu, 22 Jun 1995 12:13:13 -0700 Received: from eikon.regent.e-technik.tu-muenchen.de (root@eikon.regent.e-technik.tu-muenchen.de [129.187.42.3]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id MAA20999 for ; Thu, 22 Jun 1995 12:13:07 -0700 Received: from vector.eikon.e-technik.tu-muenchen.de ([129.187.142.36]) by eikon.regent.e-technik.tu-muenchen.de with SMTP id <55303>; Thu, 22 Jun 1995 21:12:48 +0200 Received: (from jhs@localhost) by vector.eikon.e-technik.tu-muenchen.de (8.6.11/8.6.9) id RAA00867 for current@freebsd.org; Thu, 22 Jun 1995 17:15:17 +0200 Date: Thu, 22 Jun 1995 17:15:17 +0200 From: Julian Howard Stacey Message-Id: <199506221515.RAA00867@vector.eikon.e-technik.tu-muenchen.de> To: current@freebsd.org Subject: kernel response Sender: current-owner@freebsd.org Precedence: bulk This is mainly for our Kernel & Parallel Port Driver people (David, & Geoff Rehmet ? ) When I print via the standard spooler (lpr -#2), a 300K file, going to an hp3p laser via a parallel port, all screen updating goes dead for several seconds, ( the -#2 doubles the data, doesnt use the PCL5 print twice escape sequence). My config is: X11R6pl11+XFree86_3.1.1 33MHz 486, 16M RAM, FreeBSD current, swapinfo: swapinfo Device 1K-blocks Used Avail Capacity Type /dev/sd0s2b 32768 11456 21248 35% Interleaved /dev/sd2s3b 32768 11440 21264 35% Interleaved kernel conf: device lpt0 at isa? port 0x378 tty irq 7 vector lptintr device lpt1 at isa? port 0x278 tty (only lpt0 connected) dmesg reports lpt0 at 0x378-0x37f irq 7 on isa lpt0: Interrupt-driven port lp0: TCP/IP capable interface lpt1 at 0x278-0x27f on isa All other task were quiescent, there was no serial or ether traffic (other ether device powered off, so no broadcast stuff either) I had X running, 2 ghostviews, 6 xterms (all quiescent) no crontab driven system resource leaching stuff, & all my hard drives were quiescent. The keystrokes I typed while the OS went signle mindedly about flushing its file to laser were latched, & my vi in xterm did finally respond to go up screen 4 lines (without screen roll, so not even a screen redraw needed), but the response was abysmal (reminded me of the bad old days of inbuilt print software under Wordstar ;-) The laser has 4M of extension RAM, so it wasnt overflow causing weird errors, The data was a .pcl file previously produced by Ghostscript from a .ps (I dont have a Postscript cartridge in my laser, I guess if one did, it might stop FreeBSD flow periodically, to process data, thus giving FreeBSD a chance to to service other requests, but I have nothing to stop the full 600K of data being sent to the parallel port). So it seems the parallel port output flush is running at too high a priority for too long. If I've forgotten to mention something, please let me know. -- -- -- -- -- -- -- -- -- -- Julian Stacey Recommended , Alternate Localhost From owner-freebsd-current Thu Jun 22 12:28:47 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA21995 for current-outgoing; Thu, 22 Jun 1995 12:28:47 -0700 Received: from hutcs.cs.hut.fi (root@hutcs.cs.hut.fi [130.233.192.2]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id MAA21985 for ; Thu, 22 Jun 1995 12:28:44 -0700 Received: from shadows.cs.hut.fi by hutcs.cs.hut.fi with SMTP id AA03550 (5.65c8/HUTCS-S 1.4 for ); Thu, 22 Jun 1995 22:28:24 +0300 From: Heikki Suonsivu Received: (hsu@localhost) by shadows.cs.hut.fi (8.6.10/8.6.10) id WAA26211; Thu, 22 Jun 1995 22:28:34 +0300 Date: Thu, 22 Jun 1995 22:28:34 +0300 Message-Id: <199506221928.WAA26211@shadows.cs.hut.fi> To: freebsd-current@freefall.cdrom.com Subject: Does -o async do anything? Organization: Helsinki University of Technology, Otaniemi, Finland Sender: current-owner@FreeBSD.org Precedence: bulk I needed to copy a news partition over to another disk, so I told mount -o async on those disks. There was no noticeable improvement in performance. Neither it seems to have any effect on a running news system, which should gain considerably on doing asyncronous writes. The hardware is a P90 with 4G seagate hawk, no load other than copy (ie. cpu is practically idle). On a similar linux system it was hard to tell whether it was tar tf or tar xvf running, so it would seem that FreeBSD -o async doesn't disable all synchronous writing, if anything at all? -- Heikki Suonsivu, T{ysikuu 10 C 83/02210 Espoo/FINLAND, hsu@cs.hut.fi home +358-0-8031121 work -4513377 fax -4555276 riippu SN From owner-freebsd-current Thu Jun 22 12:42:03 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA22600 for current-outgoing; Thu, 22 Jun 1995 12:42:03 -0700 Received: from silver.sms.fi ([194.111.122.1]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id MAA22572 for ; Thu, 22 Jun 1995 12:41:27 -0700 Received: (from pete@localhost) by silver.sms.fi (8.6.11/8.6.9) id WAA01382; Thu, 22 Jun 1995 22:41:05 +0300 Date: Thu, 22 Jun 1995 22:41:05 +0300 Message-Id: <199506221941.WAA01382@silver.sms.fi> From: Petri Helenius To: Julian Howard Stacey Cc: current@freebsd.org Subject: kernel response In-Reply-To: <199506221515.RAA00867@vector.eikon.e-technik.tu-muenchen.de> References: <199506221515.RAA00867@vector.eikon.e-technik.tu-muenchen.de> Sender: current-owner@freebsd.org Precedence: bulk Julian Howard Stacey writes: > > So it seems the parallel port output flush is running at too high a priority > for too long. > > If I've forgotten to mention something, please let me know. > This has happened to me also, both with 2.0R and SNAP-950322. Haven't upgraded from that so I cannot tell whether it has been fixed. Pete From owner-freebsd-current Thu Jun 22 22:15:49 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id WAA21323 for current-outgoing; Thu, 22 Jun 1995 22:15:49 -0700 Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.34]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id WAA21317 for ; Thu, 22 Jun 1995 22:15:44 -0700 Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id PAA26155; Fri, 23 Jun 1995 15:13:12 +1000 Date: Fri, 23 Jun 1995 15:13:12 +1000 From: Bruce Evans Message-Id: <199506230513.PAA26155@godzilla.zeta.org.au> To: current@freebsd.org, jhs@vector.eikon.e-technik.tu-muenchen.de Subject: Re: kernel response Sender: current-owner@freebsd.org Precedence: bulk >When I print via the standard spooler (lpr -#2), a 300K file, going to an hp3p >laser via a parallel port, all screen updating goes dead for several seconds, >( the -#2 doubles the data, doesnt use the PCL5 print twice escape sequence). Interrupt driven lpt output can't go faster than about 150K/sec to an ISA port (each byte takes at least 4 i/o's in the driver and 2 in the interrupt handler (unless AUTO_EOI_1 is defined - it should be the default but isn't) and each i/o takes > 1usec). If the printer can keep up with 150K/sec, then it will generate a solid block of interrupts and timeout routines, including the one that updates the screen, will not run for several seconds. 20 seconds for 3MB of output :-(. >So it seems the parallel port output flush is running at too high a priority >for too long. It isn't all that high, but it's higher than none, so it blocks timeouts, and it's equal to tty priority, so it may block echoing of type-ahead even for the console. sio uses timeouts so lpt interrupts certainly block everything except the interrupt handler. Bruce From owner-freebsd-current Fri Jun 23 02:09:06 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id CAA29804 for current-outgoing; Fri, 23 Jun 1995 02:09:06 -0700 Received: from eikon.regent.e-technik.tu-muenchen.de (root@eikon.regent.e-technik.tu-muenchen.de [129.187.42.3]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id CAA29728 ; Fri, 23 Jun 1995 02:08:31 -0700 Received: from vector.eikon.e-technik.tu-muenchen.de ([129.187.142.36]) by eikon.regent.e-technik.tu-muenchen.de with SMTP id <55309>; Fri, 23 Jun 1995 11:04:03 +0200 Received: from localhost (localhost [127.0.0.1]) by vector.eikon.e-technik.tu-muenchen.de (8.6.11/8.6.9) with SMTP id BAA04270; Fri, 23 Jun 1995 01:10:08 +0200 Message-Id: <199506222310.BAA04270@vector.eikon.e-technik.tu-muenchen.de> X-Authentication-Warning: vector.eikon.e-technik.tu-muenchen.de: Host localhost didn't use HELO protocol To: "Rodney W. Grimes" cc: paul@freebsd.org, mark@grondar.za, FreeBSD-current@freebsd.org, kuku@acds.physik.rwth-aachen.de Subject: Re: DES, crypt and eBones In-reply-to: Your message of "Tue, 20 Jun 1995 20:46:38 +0200." <199506201846.LAA02283@gndrsh.aac.dev.com> Date: Fri, 23 Jun 1995 01:10:07 +0200 From: "Julian Stacey " Sender: current-owner@freebsd.org Precedence: bulk > but without > a site as devoted to FreeBSD as freefall by corporate dollar I don't see > us moving the bits any place. gil.physik.rwth-aachen.de is backed by the German government's Deutsche Mark, it's been available as a `volunteer host' for a long time, it's just lacking people doing things on it (it is of course a FreeBSD host). If we mirror the src cvs & majordomo security lists from the non-USA master site to a backup site, _and_ to freefall, we will have more security against any one site or regime causing problems, than we do for the rest of the code base. A South African or German site could be ideal as crypt master. All the US folks could continue to sup off their USA mirror of the SA or German master site, but we'd be a step away from USA gov't interference. We could also put a short README in all the directories, saying that as the USA Government discriminates against non USA citizens & persecutes its own citizens, that anyone using crypt code should refuse to provide any information whatsoever regarding code derivation to any USA government person. The purpose being to allay fears of our USA BSD friends. The notice itself should be drafted by a non USA person (Mark or Paul ?) and generally agreed to by core@freebsd Perhaps our notice should be the corollory of the USA notice ? Our notice should be phrased to be as equally obnoxious to the USA government, as their notice is that they force on USA FTP sites, where one is instructed to ask the local USA embassy's ruling on how USA national law overides local national law. (Correct answer: not at all, each nation has it's own sovereign jurisdiction) Those CVS commiters who are USA based could be offered the choice of being included or excluded from CVS access lists (thus they could say to the US authorities: "Hey, don't blame, I didn't do that, I don't even have write access" ) Our Crypt code work should be done outside the USA, if the link between USA & SA is too slow or low bandwidth try `gil' by the German/Belgian border, a couple of core@freebsd people (Rod & ?) already have logins for that host. gil.physik.rwth-aachen.de is controlled by kuku@acds.physik.rwth-aachen.de Julian Stacey Recommended , Alternate Localhost From owner-freebsd-current Fri Jun 23 02:59:54 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id CAA01169 for current-outgoing; Fri, 23 Jun 1995 02:59:54 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id CAA01162 for ; Fri, 23 Jun 1995 02:59:51 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id CAA10181; Fri, 23 Jun 1995 02:41:48 -0700 From: "Rodney W. Grimes" Message-Id: <199506230941.CAA10181@gndrsh.aac.dev.com> Subject: Re: DES, crypt and eBones To: jhs@vector.eikon.e-technik.tu-muenchen.de (Julian Stacey) Date: Fri, 23 Jun 1995 02:41:48 -0700 (PDT) Cc: FreeBSD-current@FreeBSD.Org (FreeBSD current) In-Reply-To: <199506222310.BAA04270@vector.eikon.e-technik.tu-muenchen.de> from "Julian Stacey" at Jun 23, 95 01:10:07 am X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 3813 Sender: current-owner@FreeBSD.Org Precedence: bulk [CC: trimmed to -current, all of those folks should be on there] > > > > but without > > a site as devoted to FreeBSD as freefall by corporate dollar I don't see > > us moving the bits any place. > > gil.physik.rwth-aachen.de is backed by the German government's Deutsche Mark, > it's been available as a `volunteer host' for a long time, it's just lacking > people doing things on it (it is of course a FreeBSD host). And government backing is not garanteed to stay around, infact that is the kind that suddenly dissapears on you when you least expect it. Isn't that a university machine that will probably go away when Christoph P. Kukulies leaves the university (say, like after graduation). > If we mirror the src cvs & majordomo security lists from the non-USA master > site to a backup site, _and_ to freefall, we will have more > security against any one site or regime causing problems, than > we do for the rest of the code base. Some one has already pointed out the flaw in that plan, importing as well as exporting munitions is a violation of State Department regulations. DES, and for that mater most encryption software, is classified as a minution by the US State Department, and many foreign governments. > A South African or German site could be ideal as crypt master. > All the US folks could continue to sup off their USA mirror of the SA > or German master site, but we'd be a step away from USA gov't interference. > > We could also put a short README in all the directories, saying that as the > USA Government discriminates against non USA citizens & persecutes its own > citizens, that anyone using crypt code should refuse to provide any > information whatsoever regarding code derivation to any USA government person. It is a criminal act to ``refuse to provide any information'' if the requester is any form of US policing agency. A sure fire way to land yourself behind bars in a hurry. Alls they have to do is get a Sepona for the information, and then find you in contempt of court when you fail to produce it. > The purpose being to allay fears of our USA BSD friends. > The notice itself should be drafted by a non USA person (Mark or Paul ?) > and generally agreed to by core@freebsd The act of doing this could be considered treason and or a conspiracy to defraud the federal government. I think that would hold true in almost any country. > Perhaps our notice should be the corollory of the USA notice ? > Our notice should be phrased to be as equally obnoxious to the USA > government, as their notice is that they force on USA FTP sites, > where one is instructed to ask the local USA embassy's ruling on how USA > national law overides local national law. > (Correct answer: not at all, each nation has it's own sovereign jurisdiction) It does when you are accessing a machine within the USA. > Those CVS commiters who are USA based could be offered the choice of > being included or excluded from CVS access lists (thus they could say to > the US authorities: > "Hey, don't blame, I didn't do that, I don't even have write access" ) That is not a reasonable defense and would not work as one, especially for any one who had root access or prior knowledge of the law being broken (can you say passive accompliss(sp)). > Our Crypt code work should be done outside the USA, if the link between > USA & SA is too slow or low bandwidth try `gil' by the German/Belgian border, > a couple of core@freebsd people (Rod & ?) already have logins for that host. > > gil.physik.rwth-aachen.de is controlled by kuku@acds.physik.rwth-aachen.de Then allow Mr. Kukulies to offer the services, not you. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Reliable computers for FreeBSD From owner-freebsd-current Fri Jun 23 04:08:42 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id EAA03041 for current-outgoing; Fri, 23 Jun 1995 04:08:42 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id EAA03035 for ; Fri, 23 Jun 1995 04:08:22 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id NAA01767 for ; Fri, 23 Jun 1995 13:08:06 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id NAA26234 for ; Fri, 23 Jun 1995 13:08:05 +0200 Message-Id: <199506231108.NAA26234@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: current@freebsd.org Subject: Re: DES, crypt and eBones - Non US Site Date: Fri, 23 Jun 1995 13:08:04 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk This seems to have got lost, and is also too good to be true! (I remailed it from -hackers, and there is no crypto discussion going on there) >From _my_ point of view this is _really_ good, as I am already using this machine as my Foreign FTP server. M > From: Bertus Pretorius > Date: Thu, 22 Jun 1995 21:36:30 +0200 (SAT) > Subject: Re: DES, crypt and eBones - Non US Site > > I resend this because of the distribution problems which many had. > > Many things deleted.... > > > > > > Give me a site stable enough that could be used and I we can talk it > > > up in -core. But from past record we are not doing to good here. We > > > have had 3 folks from outside the USA start down this road, and we are > > > hoping that that Mark can stay with it for the long haul, but without > > > a site as devoted to FreeBSD as freefall by corporate dollar I don't see > > > us moving the bits any place. > > > > > > > > > -- > > > Rod Grimes rgrimes@gndrsh.aac.dev.co m > > > Accurate Automation Company Custom computers for FreeBS D > > > > > > > > On this point, sorry for the lateness - I was on leave and even though jhay > (John Hay) is good at development, he is a bit slow on giving me important > messages - and I missed this one :) (He gave me a 'klap' for this). > > We, at the CSIR - the bunch that takes care of skeleton (Mark's crypt and eBo nes > site) should qualify for the above needed place. In fact we are volutering t o > do the job. First I need to give some background to motivate our commitment > to such a site. > > We are part of the Councel for Scientific Industrial Research of South Africa From owner-freebsd-current Fri Jun 23 08:39:05 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA11577 for current-outgoing; Fri, 23 Jun 1995 08:39:05 -0700 Received: from ibp.ibp.fr (ibp.ibp.fr [132.227.60.30]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id IAA11569 for ; Fri, 23 Jun 1995 08:39:02 -0700 Received: from blaise.ibp.fr (blaise.ibp.fr [132.227.60.1]) by ibp.ibp.fr (8.6.12/jtpda-5.0) with ESMTP id RAA08310 ; Fri, 23 Jun 1995 17:38:47 +0200 Received: from (roberto@localhost) by blaise.ibp.fr (8.6.12/jtpda-5.0) id RAA08100 ; Fri, 23 Jun 1995 17:38:46 +0200 From: roberto@blaise.ibp.fr (Ollivier Robert) Message-Id: <199506231538.RAA08100@blaise.ibp.fr> Subject: Re: DES, crypt and eBones To: rgrimes@gndrsh.aac.dev.com (Rodney W. Grimes) Date: Fri, 23 Jun 1995 17:38:46 +0200 (MET DST) Cc: jhs@vector.eikon.e-technik.tu-muenchen.de, FreeBSD-current@FreeBSD.Org In-Reply-To: <199506230941.CAA10181@gndrsh.aac.dev.com> from "Rodney W. Grimes" at Jun 23, 95 02:41:48 am X-Operating-System: FreeBSD BUILT-19950501 ctm#617 X-Mailer: ELM [version 2.4 PL24] Content-Type: text Content-Length: 396 Sender: current-owner@FreeBSD.Org Precedence: bulk > Some one has already pointed out the flaw in that plan, importing as well > as exporting munitions is a violation of State Department regulations. I'm not sure at all about import. I've always heard that exporting was forbidden but *not* import. -- Ollivier ROBERT -=- The daemon is FREE! -=- roberto@FreeBSD.ORG FreeBSD keltia 2.0-BUILT-19950503 #3: Wed May 3 19:53:04 MET DST 1995 From owner-freebsd-current Sat Jun 24 04:55:38 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id EAA06432 for current-outgoing; Sat, 24 Jun 1995 04:55:38 -0700 Received: from mail.cs.tu-berlin.de (root@mail.cs.tu-berlin.de [130.149.17.13]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id EAA06425 for ; Sat, 24 Jun 1995 04:55:35 -0700 Received: from caramba.cs.tu-berlin.de (wosch@caramba.cs.tu-berlin.de [130.149.144.4]) by mail.cs.tu-berlin.de (8.6.12/8.6.12) with ESMTP id NAA06681 for ; Sat, 24 Jun 1995 13:53:08 +0200 From: Wolfram Schneider Received: (wosch@localhost) by caramba.cs.tu-berlin.de (8.6.12/8.6.9) id NAA08874; Sat, 24 Jun 1995 13:53:04 +0200 Date: Sat, 24 Jun 1995 13:53:04 +0200 Message-Id: <199506241153.NAA08874@caramba.cs.tu-berlin.de> To: current@freebsd.org Subject: FreeBSD-current/src/usr.sbin/Makefile - kbdmap MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: current-owner@freebsd.org Precedence: bulk Why is kbdmap not in Makefile? Wolfram From owner-freebsd-current Sat Jun 24 08:52:51 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA14475 for current-outgoing; Sat, 24 Jun 1995 08:52:51 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id IAA14469 ; Sat, 24 Jun 1995 08:52:32 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id RAA00302; Sat, 24 Jun 1995 17:52:11 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id RAA03235; Sat, 24 Jun 1995 17:52:06 +0200 Message-Id: <199506241552.RAA03235@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: "Rodney W. Grimes" cc: paul@freebsd.org, mark@grondar.za, current@freebsd.org, csgr@freebsd.org, Wollman@halloran-eldar.lcs.mit.edu, jkh@freefall.cdrom.com, gibbs@freefall.cdrom.com Subject: Crypt code summary(2). Date: Sat, 24 Jun 1995 17:52:05 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk > Give me a site stable enough that could be used and I we can talk it > up in -core. But from past record we are not doing to good here. We > have had 3 folks from outside the USA start down this road, and we are > hoping that that Mark can stay with it for the long haul, but without > a site as devoted to FreeBSD as freefall by corporate dollar I don't see > us moving the bits any place. Well, well, well! we may have such a thing! The kind folks at CSIR in South Africa who give me the Skeleton site for sourcing the crypto stuff have offered their machine for just this! (See mail to -hackers and bounce by me to the -current list). They are offering this machine as a full-blown code maintenance (cvs, ctm etc) site. I have also had a chat to Geoff Rehmet (who was originally the driving force behind our crypto code, and he would like to carry on his FreeBSD hacking, but not in any leadership position. He is most interested in working on the crypto code and ctm. Just to summarise (quite a bit for Geoff's sake) what the state of the movements are going to be, I will list what we have agreed upon, (or still need to!). I have lousy skills in summarising, and I forget a lot, so if there are any screwups, please GENTLY correct! Proposal: --------- 1) DES library to be replaced by Eric Young's (eay) latest offering and imported into secure/lib/des as a vendor branch. The header file, des.h to go be installed into /usr/include (orthogonality with MIT Kerberos) 2) (Little discussion here) eay's Secure Sockets Library (SSL) to be imported in a similar way to above. (This is how secure telnet, FTP etc will work). 3) (More discussion here) eay's other libraries (rc4, rsa etc) to be treated as ports if used at all. 4) eBones directory to be re-organised into include/ lib/ usr.bin/ etc. structure similar to gnu and secure. Garrett "wanted to do this", Geoff thinks it is a good idea (telephone conversation). Other bits of Kerberos funtionality to be added (Can't remember the names now). 5) After chatting to Geoff, it is apparent that our current structure of libcrypt, libdcrypt and libcipher is not optimal, but will have to stay for a while. Only change I would like to see is Poul-Henning's suggestion of merging the MD5 into the DES crypt(3) code so a DES'ed station could still get passwords from someone running MD5 crypt. 6) Bugs to be fixed (NIS/eBones incompatibility). 7) (eventually) secure RPC to be finished. Comments? M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 From owner-freebsd-current Sat Jun 24 09:55:27 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id JAA16108 for current-outgoing; Sat, 24 Jun 1995 09:55:27 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id JAA16102 ; Sat, 24 Jun 1995 09:55:22 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id JAA13105; Sat, 24 Jun 1995 09:54:49 -0700 From: "Rodney W. Grimes" Message-Id: <199506241654.JAA13105@gndrsh.aac.dev.com> Subject: Re: Crypt code summary(2). To: mark@grondar.za (Mark Murray) Date: Sat, 24 Jun 1995 09:54:48 -0700 (PDT) Cc: paul@freebsd.org, mark@grondar.za, current@freebsd.org, csgr@freebsd.org, Wollman@halloran-eldar.lcs.mit.edu, jkh@freefall.cdrom.com, gibbs@freefall.cdrom.com In-Reply-To: <199506241552.RAA03235@grumble.grondar.za> from "Mark Murray" at Jun 24, 95 05:52:05 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 4444 Sender: current-owner@freebsd.org Precedence: bulk > > > Give me a site stable enough that could be used and I we can talk it > > up in -core. But from past record we are not doing to good here. We > > have had 3 folks from outside the USA start down this road, and we are > > hoping that that Mark can stay with it for the long haul, but without > > a site as devoted to FreeBSD as freefall by corporate dollar I don't see > > us moving the bits any place. > > Well, well, well! we may have such a thing! > > The kind folks at CSIR in South Africa who give me the Skeleton site for > sourcing the crypto stuff have offered their machine for just this! > (See mail to -hackers and bounce by me to the -current list). They are > offering this machine as a full-blown code maintenance (cvs, ctm etc) > site. I have read these, and it looks to be a reasonable site. I still need clarification on the legality of importing DES and crypto code from that site to a US site. After that is done we would need a machine running FreeBSD to set up the cvs/ctm/sup stuff on, heck if I am going to try and port that to any other platform or even try!!! > I have also had a chat to Geoff Rehmet (who was originally the driving > force behind our crypto code, and he would like to carry on his FreeBSD > hacking, but not in any leadership position. He is most interested in > working on the crypto code and ctm. Glad you have been able to contact Geoff, that should surely help the smooth the transitional stages of all of this since you now have some insite into just what the previsious person was thinking and doing before you got to the bits. > Just to summarise (quite a bit for Geoff's sake) what the state of the > movements are going to be, I will list what we have agreed upon, (or still > need to!). I have lousy skills in summarising, and I forget a lot, so if > there are any screwups, please GENTLY correct! > > Proposal: > --------- > > 1) DES library to be replaced by Eric Young's (eay) latest offering and > imported into secure/lib/des as a vendor branch. The header file, des.h > to go be installed into /usr/include (orthogonality with MIT Kerberos) Confirmed, that was the final out come as I recall it. > 2) (Little discussion here) eay's Secure Sockets Library (SSL) to be > imported in a similar way to above. (This is how secure telnet, FTP > etc will work). I would like to see the copyright conditions and such on this, is this more of Eric Young's work? What is your proposed import location? Is this code exportable from the US? Much more discussion needed :-(. How much modification is needed to telnet/ftp/etc to use libssl? Can we wrapperize this so that all's you do is changed a shared library and boom you have SSL capible telnet? Kinda like the DES/crypt stuff is done, change the libcrypt.so link and instant switch from MD5 to DES. > 3) (More discussion here) eay's other libraries (rc4, rsa etc) to be > treated as ports if used at all. I think this is the easy way to handle these, since no code in /usr/src would need them. > 4) eBones directory to be re-organised into include/ lib/ usr.bin/ etc. > structure similar to gnu and secure. Garrett "wanted to do this", > Geoff thinks it is a good idea (telephone conversation). Other bits > of Kerberos funtionality to be added (Can't remember the names now). Agreed now that the other parties have had there say in the matter and I have a better picture of what was, is, and is to be. > 5) After chatting to Geoff, it is apparent that our current structure > of libcrypt, libdcrypt and libcipher is not optimal, but will have to > stay for a while. Only change I would like to see is Poul-Henning's > suggestion of merging the MD5 into the DES crypt(3) code so a DES'ed > station could still get passwords from someone running MD5 crypt. I don't think it was a merge of the code so much as a proposal for autodetection of MD5 password types and to call the right routine. This would involve changes to login and such, but not to the libraries them selves. > 6) Bugs to be fixed (NIS/eBones incompatibility). :-), enough said, you have defanitly brought the NIS code up to a working implementation compared to what it was!!! > 7) (eventually) secure RPC to be finished. > > Comments? All above. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Reliable computers for FreeBSD From owner-freebsd-current Sat Jun 24 23:09:43 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id XAA10682 for current-outgoing; Sat, 24 Jun 1995 23:09:43 -0700 Received: from silvia.HIP.Berkeley.EDU (silvia.HIP.Berkeley.EDU [136.152.64.181]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id XAA10668 ; Sat, 24 Jun 1995 23:09:38 -0700 Received: (from asami@localhost) by silvia.HIP.Berkeley.EDU (8.6.11/8.6.9) id XAA16800; Sat, 24 Jun 1995 23:09:35 -0700 Date: Sat, 24 Jun 1995 23:09:35 -0700 Message-Id: <199506250609.XAA16800@silvia.HIP.Berkeley.EDU> To: current@freebsd.org, ports@freebsd.org CC: Paul Kranenburg Subject: ldconfig -m From: asami@cs.berkeley.edu (Satoshi Asami) Sender: current-owner@freebsd.org Precedence: bulk (Note crossposting -- followups to "ports" only, please) There is a new option "-m" (for "merge") in -current's ldconfig. It will add entries found in specified directories to the hints file. This work is mostly done by the mighty Paul Kranenburg (thanks!). Which means we no longer need to know what the user gave to the previous ldconfig command in order to invoke it safely. This allows us to add lines like post-install: ldconfig -m ${PREFIX}/lib in ports Makefiles and @exec ldconfig -m %B in packing lists, and we won't see any more questions like "I installed Xpm, why can't I run xfig?!?". Also, this will make batch compiles easier too. For instance, this has enabled me to build the mule-canna package, without Canna first installed, to complete successfully. Before, I had to watch the compilation and type "ldconfig /usr/local/lib /usr/X11R6/lib" right after the Canna installation, or temacs would core dump. The downside of this is that you can no longer install packages that include shared libraries without becoming superuser. Also, people who grab ports should make sure they get the latest ldconfig too, because the old ldconfig will barf at the -m option. But all in all, I should say this is one of the brightest days in ports history. :) Satoshi