From owner-freebsd-security Sun May 2 9:56:20 1999 Delivered-To: freebsd-security@freebsd.org Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.65]) by hub.freebsd.org (Postfix) with ESMTP id 88283153AE; Sun, 2 May 1999 09:56:12 -0700 (PDT) (envelope-from mark@grondar.za) Received: from greenpeace.grondar.za (greenpeace.grondar.za [196.7.18.132]) by gratis.grondar.za (8.9.3/8.9.3) with ESMTP id SAA36566; Sun, 2 May 1999 18:56:11 +0200 (SAST) (envelope-from mark@grondar.za) Received: from grondar.za (localhost [127.0.0.1]) by greenpeace.grondar.za (8.9.3/8.9.3) with ESMTP id SAA03362; Sun, 2 May 1999 18:56:10 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <199905021656.SAA03362@greenpeace.grondar.za> To: Eivind Eklund Cc: freebsd-security@FreeBSD.ORG Subject: Re: Blowfish/Twofish In-Reply-To: Your message of " Sun, 02 May 1999 18:46:25 +0200." <19990502184625.E32819@bitbox.follo.net> References: <21634.925539195@critter.freebsd.dk> <19990502144906.E23950@bitbox.follo.net> <199905021458.QAA02696@greenpeace.grondar.za> <19990502170929.B32819@bitbox.follo.net> <199905021541.RAA02885@greenpeace.grondar.za> <19990502181647.C32819@bitbox.follo.net> <199905021627.SAA03150@greenpeace.grondar.za> <19990502184625.E32819@bitbox.follo.net> Date: Sun, 02 May 1999 18:56:09 +0200 From: Mark Murray Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Eivind Eklund wrote: > > Ditto for Kerberos, and Kerberos got there first :-) > > I know - I'm trying to find the lesser of the two evils. That's why I > was asking if it was used outside of Kerberos itself. Only kerberised tools like X, fetchmail, sudo, oracle and so on. :-) > They use x.509 and the Sun package signature standard. As far as I > remember, it would be possible to re-implement parts of the code based > on something other than x.509 (e.g, DSA) and still be marginally > compliant (no other tools would work, but the standard allows > alternate signature algorithms, and signatures based on several public > key system on the same package). However, that would be more work > than I'll have time for in the forseeable future :-( Hmm - some of that stuff can be added to libmd with ease :-) > The code was written with the assumption that we could make it work by > just requiring the libcrypto from (then) SSLeay in order to actually > do any signature checking by just opening it dynamically and check > signatures if it was there. May I see the code? M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message