Subject: Re: LONG - Re: /rescue, crunchgen'ed?
To: NetBSD-current <firstname.lastname@example.org>
From: sudog <email@example.com>
Date: 08/30/2002 13:55:31
On Friday 30 August 2002 13:11, Bill Studenmund wrote:
> You assume all auth modules will be using the network. One of the biggies
> I have in mind is something that would use dedicated hardware. Like
> securecards or some other thing. There you're talking to a local device,
> which will be around. While probably not super-common, these are the kinds
> of things that get added as site-mandates (i.e. if the site decides to use
> it, they tend to require ALL boxes to use it).
Mm.. just to point something out here: what percentage of our total userbase
actually has (or even intends to use) a smartcard or hardware-based
authentication device? And what makes you think that the drivers for
smartcard or hardware-based authentication are going to be anything but
one-offs for the people who use them?
And even if they are well-used; What companies are going to want to donate
their hardware-specific security drivers back to the NetBSD project in source
form for the rest of us to puzzle at (and exploit)? And even if they do--how
much of the rest of the NetBSD population is going to own these devices and
make use of the drivers?
I'd hate to end up with a framework that needs to be specially accommodated by
the rest of us just to satisfy some numerically insignificant minority.
(In other words--this in particular is a bad reason. The other reasons I'm
probably not qualified to comment on--this one I am. I realize we're
meandering towards embedded devices but if that's the case, then say so--"The
future is embedded devices and this is part of that direction.")