From owner-freebsd-current Tue Jun 20 07:58:10 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id HAA23081 for current-outgoing; Tue, 20 Jun 1995 07:58:10 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id HAA23055 ; Tue, 20 Jun 1995 07:57:37 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id QAA01160; Tue, 20 Jun 1995 16:57:26 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id QAA02441; Tue, 20 Jun 1995 16:57:23 +0200 Message-Id: <199506201457.QAA02441@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: rgrimes@gndrsh.aac.dev.com, Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org Subject: The great crypt reshuffle Date: Tue, 20 Jun 1995 16:57:22 +0200 From: Mark Murray Sender: current-owner@freebsd.org Precedence: bulk Hi There has been good discussion over the last couple of days, and this is an attempt to summarise the concensus so far, and turn it into an agreed-upon proposal. Where I have gotten wrong, please gently correct, where I have forgotten please remind etc... 1) The DES library is to move from eBones to secure/lib/libdes. des.h (the public header for this library) moves from /usr/include/kerberosIV to /usr/include, and to be updated with much more recent code from Eric Young, the original author. 2) crypt(3) and friends in libcipher to be replaced with faster code from same author as libdes, and to merge with libdes. (I know, not much concensus here - I'm just pushing my luck) 3) libcrypts containing _only_ des crypt(3) and md5 crypt(3) to remain unchanged (Except perhaps for newer code in des crypt(3)) to maintain possible foreign licensing. One selected as the _real_ libcrypt by symlink. 4) (Very little discussion here) Other libraries containing crypto code (ssl, rsa, md4, idea (where legal/appropriate)) be placed in secure/lib/lib*/ and turned into a separate library. Some of this code may cause serious trouble for owners in certain countries. (eg rsa in US.) The public headers for these to be placed in /usr/include for orthogonality with des.h in 1) above. 5) secure/usr.bin/telnet is kerberised, and as such should move to eBones. 6) (not discussed at all - I think) Eric Young has not touched eBones for _years_, and is not likely to. The code in eBones is a mess, and I would like to rebuild it as a lib/ include/ usr.bin/ usr.sbin/ structure for orthogonality with secure and gnu. This is more-or-less how the original code looked. 7) More will follow as I start to work on it (Secure RPC etc). M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200