From owner-freebsd-current Sat Jun 24 09:55:27 1995
Return-Path: current-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id JAA16108 for current-outgoing; Sat, 24 Jun 1995 09:55:27 -0700
Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id JAA16102 ; Sat, 24 Jun 1995 09:55:22 -0700
Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id JAA13105; Sat, 24 Jun 1995 09:54:49 -0700
From: "Rodney W. Grimes"
Message-Id: <199506241654.JAA13105@gndrsh.aac.dev.com>
Subject: Re: Crypt code summary(2).
To: mark@grondar.za (Mark Murray)
Date: Sat, 24 Jun 1995 09:54:48 -0700 (PDT)
Cc: paul@freebsd.org, mark@grondar.za, current@freebsd.org, csgr@freebsd.org, Wollman@halloran-eldar.lcs.mit.edu, jkh@freefall.cdrom.com, gibbs@freefall.cdrom.com
In-Reply-To: <199506241552.RAA03235@grumble.grondar.za> from "Mark Murray" at Jun 24, 95 05:52:05 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 4444
Sender: current-owner@freebsd.org
Precedence: bulk

>
> > Give me a site stable enough that could be used and we can talk it
> > up in -core. But from past record we are not doing too good here. We
> > have had 3 folks from outside the USA start down this road, and we are
> > hoping that Mark can stay with it for the long haul, but without
> > a site as devoted to FreeBSD as freefall by corporate dollar I don't see
> > us moving the bits any place.
>
> Well, well, well! we may have such a thing!
>
> The kind folks at CSIR in South Africa who give me the Skeleton site for
> sourcing the crypto stuff have offered their machine for just this!
> (See mail to -hackers and bounce by me to the -current list). They are
> offering this machine as a full-blown code maintenance (cvs, ctm etc)
> site.

I have read these, and it looks to be a reasonable site.
I still need clarification on the legality of importing DES and crypto
code from that site to a US site. After that is done we would need a
machine running FreeBSD to set up the cvs/ctm/sup stuff on, heck if I
am going to try and port that to any other platform or even try!!!

> I have also had a chat to Geoff Rehmet (who was originally the driving
> force behind our crypto code), and he would like to carry on his FreeBSD
> hacking, but not in any leadership position. He is most interested in
> working on the crypto code and ctm.

Glad you have been able to contact Geoff, that should surely help
smooth the transitional stages of all of this since you now have some
insight into just what the previous person was thinking and doing
before you got to the bits.

> Just to summarise (quite a bit for Geoff's sake) what the state of the
> movements are going to be, I will list what we have agreed upon, (or still
> need to!). I have lousy skills in summarising, and I forget a lot, so if
> there are any screwups, please GENTLY correct!
>
> Proposal:
> ---------
>
> 1) DES library to be replaced by Eric Young's (eay) latest offering and
> imported into secure/lib/des as a vendor branch. The header file, des.h
> to be installed into /usr/include (orthogonality with MIT Kerberos)

Confirmed, that was the final outcome as I recall it.

> 2) (Little discussion here) eay's Secure Sockets Library (SSL) to be
> imported in a similar way to above. (This is how secure telnet, FTP
> etc will work).

I would like to see the copyright conditions and such on this, is this
more of Eric Young's work? What is your proposed import location? Is
this code exportable from the US? Much more discussion needed :-(.
How much modification is needed to telnet/ftp/etc to use libssl? Can we
wrapperize this so that all you do is change a shared library and boom
you have SSL capable telnet? Kinda like the DES/crypt stuff is done,
change the libcrypt.so link and instant switch from MD5 to DES.

> 3) (More discussion here) eay's other libraries (rc4, rsa etc) to be
> treated as ports if used at all.

I think this is the easy way to handle these, since no code in /usr/src
would need them.

> 4) eBones directory to be re-organised into include/ lib/ usr.bin/ etc.
> structure similar to gnu and secure. Garrett "wanted to do this",
> Geoff thinks it is a good idea (telephone conversation). Other bits
> of Kerberos functionality to be added (Can't remember the names now).

Agreed now that the other parties have had their say in the matter and I
have a better picture of what was, is, and is to be.

> 5) After chatting to Geoff, it is apparent that our current structure
> of libcrypt, libdcrypt and libcipher is not optimal, but will have to
> stay for a while. Only change I would like to see is Poul-Henning's
> suggestion of merging the MD5 into the DES crypt(3) code so a DES'ed
> station could still get passwords from someone running MD5 crypt.

I don't think it was a merge of the code so much as a proposal for
autodetection of MD5 password types and to call the right routine. This
would involve changes to login and such, but not to the libraries
themselves.

> 6) Bugs to be fixed (NIS/eBones incompatibility).

:-), enough said, you have definitely brought the NIS code up to a working
implementation compared to what it was!!!

> 7) (eventually) secure RPC to be finished.
>
> Comments?

All above.

--
Rod Grimes rgrimes@gndrsh.aac.dev.com
Accurate Automation Company Reliable computers for FreeBSD
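
The autodetection described in the reply to item 5, as an added example that is not code from this thread or from FreeBSD: it classifies a stored password field as MD5 crypt (recognised by the `$1$` prefix of FreeBSD's MD5 crypt(3) format, which the message does not spell out) or traditional 13-character DES, and rejects anything else so the caller can fail closed. The function and enum names, the strict salt-length policy and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result of inspecting a stored password field (names are hypothetical). */
enum scheme { SCHEME_INVALID, SCHEME_DES, SCHEME_MD5 };

/* The 64-character alphabet used by crypt(3) salts and hashes. */
static const char ALPHABET[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

enum scheme detect_scheme(const char *stored)
{
    if (stored == NULL)
        return SCHEME_INVALID;

    if (strncmp(stored, "$1$", 3) == 0) {
        /* MD5 crypt: "$1$" salt "$" hash. This example's policy requires
         * a 1..8 character salt and exactly 22 hash characters. */
        const char *salt = stored + 3;
        size_t salt_len = strcspn(salt, "$");
        if (salt_len == 0 || salt_len > 8 || salt[salt_len] != '$')
            return SCHEME_INVALID;
        const char *hash = salt + salt_len + 1;
        if (strspn(hash, ALPHABET) == 22 && hash[22] == '\0')
            return SCHEME_MD5;
        return SCHEME_INVALID;
    }

    /* Traditional DES crypt: 2 salt + 11 hash characters, nothing else. */
    if (strlen(stored) == 13 && strspn(stored, ALPHABET) == 13)
        return SCHEME_DES;

    /* Locked ("*"), empty or unknown formats: never guess a routine. */
    return SCHEME_INVALID;
}

int main(void)
{
    /* Constructed sample fields, not real password hashes. */
    const char *samples[] = {
        "$1$abcdefgh$0123456789ABCDEFGHIJKL", "ab0123456789A", "*",
    };
    static const char *names[] = { "invalid", "DES", "MD5" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-36s -> %s\n", samples[i], names[detect_scheme(samples[i])]);
    return 0;
}
```

A caller such as login would pick the verification routine from the returned scheme and refuse authentication on `SCHEME_INVALID`.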