Subject: Re: LONG - Re: /rescue, crunchgen'ed?
To: sudog <sudog@sudog.com>
From: Bill Studenmund <wrstuden@netbsd.org>
List: current-users
Date: 08/30/2002 15:28:50

On Fri, 30 Aug 2002, sudog wrote:

> On Friday 30 August 2002 13:11, Bill Studenmund wrote:
> >
> > You assume all auth modules will be using the network. One of the biggies
> > I have in mind is something that would use dedicated hardware. Like
> > securecards or some other thing. There you're talking to a local device,
> > which will be around. While probably not super-common, these are the kinds
> > of things that get added as site-mandates (i.e. if the site decides to use
> > it, they tend to require ALL boxes to use it).
>
> Mm.. just to point something out here: what percentage of our total userbase
> actually has (or even intends to use) a smartcard or hardware-based
> authentication device? And what makes you think that the drivers for
> smartcard or hardware-based authentication are going to be anything but
> one-offs for the people who use them?

Numbers? Probably small. Value to users who need? Probably large.

What does one-offedness of drivers have to do with this?

> And even if they are well-used; What companies are going to want to donate
> their hardware-specific security drivers back to the NetBSD project in source
> form for the rest of us to puzzle at (and exploit)? And even if they do--how
> much of the rest of the NetBSD population is going to own these devices and
> make use of the drivers?

?? Do you realize your comments which seem to be anti-module are actually
part of why we want to do it?

Yes, vendors may well NOT want to release source for auth modules. By
supporting binary modules, they won't have to.

> I'd hate to end up with a framework that needs to be specially accommodated by
> the rest of us just to satisfy some numerically insignificant minority.
>
> (In other words--this in particular is a bad reason. The other reasons I'm
> probably not qualified to comment on--this one I am. I realize we're
> meandering towards embedded devices but if that's the case, then say so--"The
> future is embedded devices and this is part of that direction.")

No, the future we want to open is binary-only add-ons to NetBSD. While I
don't know how many auth modules will be covered, I know without this
change, NONE will.

Take care,

Bill