Date:      Sat, 24 Jun 1995 09:54:48 -0700 (PDT)
From:      "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
To:        mark@grondar.za (Mark Murray)
Cc:        paul@freebsd.org, mark@grondar.za, current@freebsd.org, csgr@freebsd.org, Wollman@halloran-eldar.lcs.mit.edu, jkh@freefall.cdrom.com, gibbs@freefall.cdrom.com
Subject:   Re: Crypt code summary(2).
Message-ID:  <199506241654.JAA13105@gndrsh.aac.dev.com>
In-Reply-To: <199506241552.RAA03235@grumble.grondar.za> from "Mark Murray" at Jun 24, 95 05:52:05 pm

> 
> > Give me a site stable enough that could be used and we can talk it
> > up in -core.  But from past record we are not doing too good here.  We
> > have had 3 folks from outside the USA start down this road, and we are
> > hoping that Mark can stay with it for the long haul, but without
> > a site as devoted to FreeBSD as freefall by corporate dollar I don't see
> > us moving the bits any place.
> 
> Well, well, well! We may have such a thing!
> 
> The kind folks at CSIR in South Africa who give me the Skeleton site for
> sourcing the crypto stuff have offered their machine for just this!
> (See mail to -hackers and bounce by me to the -current list). They are 
> offering this machine as a full-blown code maintenance (cvs, ctm etc)
> site.

I have read these, and it looks to be a reasonable site.  I still need
clarification on the legality of importing DES and crypto code from that
site to a US site.  After that is done we would need a machine running
FreeBSD to set up the cvs/ctm/sup stuff on, heck if I am going to try
and port that to any other platform or even try!!!

> I have also had a chat to Geoff Rehmet (who was originally the driving
> force behind our crypto code), and he would like to carry on his FreeBSD
> hacking, but not in any leadership position. He is most interested in
> working on the crypto code and ctm.

Glad you have been able to contact Geoff, that should surely help
smooth the transitional stages of all of this since you now have some
insight into just what the previous person was thinking and doing
before you got to the bits.

> Just to summarise (quite a bit for Geoff's sake) what the state of the
> movements are going to be, I will list what we have agreed upon, (or still
> need to!). I have lousy skills in summarising, and I forget a lot, so if
> there are any screwups, please GENTLY correct!
> 
> Proposal:
> ---------
> 
> 1) DES library to be replaced by Eric Young's (eay) latest offering and
>    imported into secure/lib/des as a vendor branch. The header file, des.h
>    to go be installed into /usr/include (orthogonality with MIT Kerberos)

Confirmed, that was the final out come as I recall it.

> 2) (Little discussion here) eay's Secure Sockets Library (SSL) to be
>    imported in a similar way to above. (This is how secure telnet, FTP
>    etc will work).

I would like to see the copyright conditions and such on this, is this
more of Eric Young's work?  What is your proposed import location?  Is
this code exportable from the US?  Much more discussion needed :-(.

How much modification is needed to telnet/ftp/etc to use libssl?  Can
we wrapperize this so that all's you do is change a shared library
and boom you have SSL capable telnet?  Kinda like the DES/crypt stuff
is done, change the libcrypt.so link and instant switch from MD5 to
DES.

> 3) (More discussion here) eay's other libraries (rc4, rsa etc) to be
>    treated as ports if used at all.

I think this is the easy way to handle these, since no code in /usr/src
would need them.

> 4) eBones directory to be re-organised into include/ lib/ usr.bin/ etc.
>    structure similar to gnu and secure. Garrett "wanted to do this",
>    Geoff thinks it is a good idea (telephone conversation). Other bits
>    of Kerberos functionality to be added (Can't remember the names now).

Agreed now that the other parties have had their say in the matter and
I have a better picture of what was, is, and is to be.

> 5) After chatting to Geoff, it is apparent that our current structure
>    of libcrypt, libdcrypt and libcipher is not optimal, but will have to
>    stay for a while. Only change I would like to see is Poul-Henning's
>    suggestion of merging the MD5 into the DES crypt(3) code so a DES'ed
>    station could still get passwords from someone running MD5 crypt.

I don't think it was a merge of the code so much as a proposal for
autodetection of MD5 password types and to call the right routine.  This
would involve changes to login and such, but not to the libraries
themselves.

> 6) Bugs to be fixed (NIS/eBones incompatibility).

:-), enough said, you have definitely brought the NIS code up to a
working implementation compared to what it was!!!

> 7) (eventually) secure RPC to be finished.
> 
> Comments?
All above.



-- 
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation Company                 Reliable computers for FreeBSD
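
The autodetection discussed under item 5 of the message above, sketched as an added example that is not part of the original e-mail or of FreeBSD's code. It assumes the two stored formats are MD5 crypt output carrying the `$1$` prefix and 13-character traditional DES crypt output; `classify_hash`, `verify_dispatch` and `verify_fn` are hypothetical names, and the caller supplies the actual DES and MD5 routines.

```c
#include <stddef.h>
#include <string.h>

enum crypt_scheme { SCHEME_UNKNOWN, SCHEME_DES, SCHEME_MD5 };
typedef int (*verify_fn)(const char *password, const char *stored);

static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* True if s[0..n-1] all come from the crypt(3) base-64 alphabet. */
static int all_b64(const char *s, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (s[i] == '\0' || strchr(B64, s[i]) == NULL)
            return 0;
    return 1;
}

/* Decide the scheme from the stored string alone, validating its shape. */
enum crypt_scheme classify_hash(const char *stored)
{
    if (stored == NULL)
        return SCHEME_UNKNOWN;
    if (strncmp(stored, "$1$", 3) == 0) {           /* MD5: $1$salt$digest */
        const char *salt = stored + 3;
        const char *sep = strchr(salt, '$');
        if (sep == NULL || sep - salt > 8)           /* salt is at most 8 chars */
            return SCHEME_UNKNOWN;
        if (strlen(sep + 1) != 22 || !all_b64(sep + 1, 22))
            return SCHEME_UNKNOWN;
        return SCHEME_MD5;
    }
    if (strlen(stored) == 13 && all_b64(stored, 13)) /* DES: 2 salt + 11 digest */
        return SCHEME_DES;
    return SCHEME_UNKNOWN;                           /* "*", "", truncated, ... */
}

/* Call the routine matching the stored hash. An unrecognised format, or a
 * scheme whose routine is not installed (NULL), fails closed. */
int verify_dispatch(const char *pw, const char *stored,
                    verify_fn des, verify_fn md5)
{
    switch (classify_hash(stored)) {
    case SCHEME_DES: return des != NULL && des(pw, stored);
    case SCHEME_MD5: return md5 != NULL && md5(pw, stored);
    default:         return 0;
    }
}
```

Passing `NULL` for `des` models an installation without the DES library: DES-format entries are then rejected rather than being handed to the MD5 routine.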


