From owner-freebsd-current Tue Jun 20 08:23:45 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA24178 for current-outgoing; Tue, 20 Jun 1995 08:23:45 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id IAA24172 ; Tue, 20 Jun 1995 08:23:41 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id IAA01730; Tue, 20 Jun 1995 08:23:31 -0700 From: "Rodney W. Grimes" Message-Id: <199506201523.IAA01730@gndrsh.aac.dev.com> Subject: Re: The great crypt reshuffle To: mark@grondar.za (Mark Murray) Date: Tue, 20 Jun 1995 08:23:31 -0700 (PDT) Cc: Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org In-Reply-To: <199506201457.QAA02441@grumble.grondar.za> from "Mark Murray" at Jun 20, 95 04:57:22 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 3253 Sender: current-owner@freebsd.org Precedence: bulk > > Hi > > There has been good discussion over the last couple of days, and this > is an attempt to summarise the concensus so far, and turn it into an > agreed-upon proposal. Where I have gotten wrong, please gently correct, > where I have forgotten please remind etc... > > 1) The DES library is to move from eBones to secure/lib/libdes. > des.h (the public header for this library) moves from > /usr/include/kerberosIV to /usr/include, and to be updated with > much more recent code from Eric Young, the original author. Fine, just remeber to add it to the list of places to install header files from when doing ``make includes'' in /usr/src. See target includes: in /usr/src/Makefile. > 2) crypt(3) and friends in libcipher to be replaced with faster code > from same author as libdes, and to merge with libdes. (I know, not > much concensus here - I'm just pushing my luck) We need to know just what it was that csgr had in mind when he was doing all of this. From the README.FreeBSD in libcipher I get the feeling he was going the other way, but evenutally wanted to collapse the libraries: gndrsh# more README.FreeBSD $Id: README.FreeBSD,v 1.1.1.1 1994/09/07 21:18:07 csgr Exp $ This is FreeSec package for NetBSD, unchanged for FreeBSD, except for the Makefile. The other stuff in libcrypt will be added in stages! gndrsh# > 3) libcrypts containing _only_ des crypt(3) and md5 crypt(3) to remain > unchanged (Except perhaps for newer code in des crypt(3)) to maintain > possible foreign licensing. One selected as the _real_ libcrypt by > symlink. Okay! > 4) (Very little discussion here) Other libraries containing crypto > code (ssl, rsa, md4, idea (where legal/appropriate)) be placed in > secure/lib/lib*/ and turned into a separate library. Some of this > code may cause serious trouble for owners in certain countries. (eg > rsa in US.) The public headers for these to be placed in /usr/include > for orthogonality with des.h in 1) above. I would just rather leave this code by the way side as far as /usr/src goes. We already have enough legal problems with the current set of code and I think doing this would open a can of works. Perhaps making a ``port'' collection that installed into /usr/local/lib would be a better path to take (pun intended). > 5) secure/usr.bin/telnet is kerberised, and as such should move to > eBones. Agreed. > 6) (not discussed at all - I think) Eric Young has not touched eBones > for _years_, and is not likely to. The code in eBones is a mess, and I > would like to rebuild it as a lib/ include/ usr.bin/ usr.sbin/ > structure for orthogonality with secure and gnu. This is more-or-less > how the original code looked. Then why was it changed to be the way it is now? We need this input and reasoning from Geoff before I can accept changing it yet again. There must have been (hopefully) some reason that he drastically changed it from the way that it was originally. > 7) More will follow as I start to work on it (Secure RPC etc). One thing at a time please... :-) :-) -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD